Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Hijack this log - gulliverfoyle

Post by gulliverfoyle » September 10th, 2009, 8:24 pm

Greetings,

My computer was infected with various viruses/spyware/keyloggers etc., which manifested itself in my World of Warcraft account being stolen about a week ago. After it was recovered, I used this guide to prevent another attack: http://forums.wow-europe.com/thread.htm ... 2401&sid=1

I didn't post a log here back then, and probably skipped one step or did something wrong, because as of today, my account was stolen AGAIN. I ran those programs mentioned in the guide again, and now I present you with the HijackThis log file, hoping you guys can help me find out what the problem is. Thanks in advance, and sorry for my bad English.

--------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:22:03, on 2009.09.11.
Platform: Windows XP Szervizcsomag 2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Documents and Settings\Géza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Géza\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: Adobe PDF Reader hivatkozássúgó - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live bejelentkezési segítség - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /Get1noarp
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Géza\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HELYI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'HÁLÓZATI SZOLGÁLTATÁS')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Letöltés a FlashGet-tel - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Minden letöltése a FlashGet-tel - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2567CE2-C0B7-416A-836E-BD86D143CF72}: NameServer = 84.2.46.1,84.2.44.1
O20 - AppInit_DLLs: C:\WINDOWS\TEMP\2455sys.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9f014b550680c) (gupdate1c9f014b550680c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8964 bytes
gulliverfoyle
Active Member
 
Posts: 12
Joined: September 10th, 2009, 8:12 pm

Re: Hijack this log - gulliverfoyle

Post by Shaba » September 14th, 2009, 11:08 am

Hi gulliverfoyle

Please click this link --> Jotti

Copy/paste the file on the list into the white "Upload a file" box and click Submit/Send (depending on which one you are using, Jotti or VirusTotal).

C:\WINDOWS\TEMP\2455sys.dll

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Hijack this log - gulliverfoyle

Post by gulliverfoyle » September 14th, 2009, 11:28 am

Hey there,

In the directory C:\WINDOWS\TEMP there are only two files: MSI56e08.LOG and Perflib_Perfdata_5fc.dat; there is no 2455sys.dll.

I made a file search for the entire hard drive and this file is nowhere present.

But while we're "on topic", maybe you could help with this, as it could be related to my problem: when I check the size of my WINDOWS directory on C:\, it says that it is a whopping 56 GB... but when I enter the directory and select all its contents (hidden and system files are enabled to appear, yes), and then right-click/Properties and check the size, it's only 5 GB, which is the size it should be, I presume. But that "bonus" 50 GB is apparently present on the hard drive, because when I look at the free/occupied space on C:\, it definitely takes that 50 GB into account...

Edit: I ran HijackThis just now and that file/process you asked me to analyse is still in the log, but I can't find it on the given path, or anywhere else...
gulliverfoyle
Active Member
 
Posts: 12
Joined: September 10th, 2009, 8:12 pm
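A triage helper for the situation described above (an O20 AppInit_DLLs entry whose DLL a file search cannot find), added here as an example and not code from the thread or from HijackThis itself: it parses the O-lines of a HijackThis log, pulls out the AppInit_DLLs paths, and flags any that load from a temp directory or are absent on disk. The `exists` callback is an assumed helper so the constructed sample runs on any machine.

```python
import os
import re
from dataclasses import dataclass, field
from typing import Callable, List

# Constructed sample: the relevant lines from the HijackThis log in the
# thread, with one benign O4 and O23 line kept for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O20 - AppInit_DLLs: C:\WINDOWS\TEMP\2455sys.dll
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# Every HijackThis finding line starts with a section code such as O4 or R1.
ENTRY_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")

# AppInit DLLs are loaded into every process that links user32.dll, so one
# living in a temp directory is a strong sign of something dropped at runtime.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")


@dataclass
class Entry:
    kind: str   # section code, e.g. "O20"
    body: str   # text after "O20 - "


@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_entries(log_text: str) -> List[Entry]:
    """Return the Onn/Rn entries of a HijackThis log, in log order."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def appinit_dll_paths(entries: List[Entry]) -> List[str]:
    """Extract the DLL paths from every O20 AppInit_DLLs entry.

    The registry value can hold several DLLs; Windows splits it on spaces and
    commas (which is why a path with spaces must use its 8.3 short form), so
    the same split is used here.
    """
    paths = []
    for e in entries:
        if e.kind == "O20" and e.body.startswith("AppInit_DLLs:"):
            value = e.body[len("AppInit_DLLs:"):].strip()
            paths.extend(p for p in re.split(r"[ ,]+", value) if p)
    return paths


def triage_appinit(entries: List[Entry],
                   exists: Callable[[str], bool] = os.path.exists) -> List[Finding]:
    """Flag AppInit DLLs that load from a temp directory or are not on disk.

    `exists` is injectable (assumed helper, default os.path.exists) so the
    check can be run against a log taken from another machine.  A DLL that is
    still registered but missing is itself a finding: either the value is
    stale, or the file is being hidden from the file-system view, which is the
    possibility raised in this thread.
    """
    findings = []
    for path in appinit_dll_paths(entries):
        f = Finding(path)
        low = path.lower()
        if any(marker in low for marker in TEMP_MARKERS):
            f.reasons.append("loads from a temporary directory")
        if not exists(path):
            f.reasons.append("registered but not found on disk (deleted or hidden)")
        if f.reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    # Simulate the thread's situation: the DLL is referenced but not visible.
    for finding in triage_appinit(parse_entries(SAMPLE_LOG), exists=lambda p: False):
        print(finding.path)
        for reason in finding.reasons:
            print("  -", reason)
```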

Re: Hijack this log - gulliverfoyle

Post by Shaba » September 14th, 2009, 12:34 pm

You don't have to search for it, just copy/paste C:\WINDOWS\TEMP\2455sys.dll to upload box and click submit/send :)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Hijack this log - gulliverfoyle

Post by gulliverfoyle » September 14th, 2009, 1:13 pm

In Chrome and Firefox, copy-pasting wouldn't work: either there was no white blank field at all, or it reacted with the 'upload files' window popping up. But now with Internet Explorer it finally worked; here are the results from both sites:

Virustotal: 0 bytes size received / Se ha recibido un archivo vacio
Jotti: File is empty (0 bytes)!

So basically, nothing too informative. :)
gulliverfoyle
Active Member
 
Posts: 12
Joined: September 10th, 2009, 8:12 pm

Re: Hijack this log - gulliverfoyle

Post by Shaba » September 14th, 2009, 1:28 pm

So either it doesn't exist or malware blocks uploading.

Download gmer.zip and save to your desktop.
alternate download site
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Hijack this log - gulliverfoyle

Post by gulliverfoyle » September 14th, 2009, 3:14 pm

GMER 1.0.15.15086 - http://www.gmer.net
Rootkit scan 2009-09-14 21:07:39
Windows 5.1.2600 Szervizcsomag 2
Running: gmer.exe; Driver: C:\DOCUME~1\GZA~1\LOCALS~1\Temp\aujasnkj.sys


---- System - GMER 1.0.15 ----

SSDT 8A29C630 ZwAssignProcessToJobObject
SSDT 8A29BA60 ZwOpenProcess
SSDT 8A29BE80 ZwOpenThread
SSDT 8A29C460 ZwSuspendProcess
SSDT 8A29C280 ZwSuspendThread
SSDT 8A29BC90 ZwTerminateProcess
SSDT 8A29C0B0 ZwTerminateThread

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1868] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 4 Bytes [C2, 04, 00, 00]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

Device \FileSystem\Fastfat \Fat B5FD9C8A

AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- Threads - GMER 1.0.15 ----

Thread System [4:420] 8A29A790

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install
Reg HKLM\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install\VxDs
Reg HKLM\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install\VxDs@CTE_32 Name 2454745:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Install
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Install\fp0-{BAC84E26-D9CB-5B7D-F269-F868A3430697}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Install\fp0-{BAC84E26-D9CB-5B7D-F269-F868A3430697}\Version 1.1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Install\fp0-{BAC84E26-D9CB-5B7D-F269-F868A3430697}\Version 1.1@dat 806585365:{98A65D25-854F-D88A-4365-EDF2E6D60835}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\{F6757B2E-8486-7DD9-E9EC-501414C36A43}
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\{F6757B2E-8486-7DD9-E9EC-501414C36A43}\Install
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\{F6757B2E-8486-7DD9-E9EC-501414C36A43}\Install\fp0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\{F6757B2E-8486-7DD9-E9EC-501414C36A43}\Install\fp0\dat
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\{F6757B2E-8486-7DD9-E9EC-501414C36A43}\Install\fp0\dat@default 516231384:{0A6B596A-9759-979C-47F6-C2DAD87CDDF7}
Reg HKLM\SOFTWARE\Microsoft\Windows Install VBX
Reg HKLM\SOFTWARE\Microsoft\Windows Install VBX\Current
Reg HKLM\SOFTWARE\Microsoft\Windows Install VBX\Current\Install
Reg HKLM\SOFTWARE\Microsoft\Windows Install VBX\Current\Install\fp0-{BAC84E26-D9CB-5B7D-F269-F868A3430697}
Reg HKLM\SOFTWARE\Microsoft\Windows Install VBX\Current\Install\fp0-{BAC84E26-D9CB-5B7D-F269-F868A3430697}\Version 3.x
Reg HKLM\SOFTWARE\Microsoft\Windows Install VBX\Current\Install\fp0-{BAC84E26-D9CB-5B7D-F269-F868A3430697}\Version 3.x@dat 1767914624:{734C87F3-6F92-6267-54D1-9D584F3DDBD8}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smase._dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smase._dll@AplicationGoo b9)#83?0000??la5b5?
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smase._dll@ChkAppHelp {55301081-0788-4017-AB59-FB66F27A3389}
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0x87 0xF2 0xCC 0xC8 ...

---- EOF - GMER 1.0.15 ----
gulliverfoyle
Active Member
 
Posts: 12
Joined: September 10th, 2009, 8:12 pm

Re: Hijack this log - gulliverfoyle

Post by Shaba » September 14th, 2009, 11:59 pm

We will continue with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs, see here.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Hijack this log - gulliverfoyle

Post by gulliverfoyle » September 15th, 2009, 9:39 am

ComboFix 09-09-14.02 - Géza 009.09.15. 15:04.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.36.1038.18.2047.1502 [GMT 2:00]
Running from: c:\documents and settings\Géza\Asztal\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Géza\Application Data\Microsoft\Clip Organizer\mstore10.mgc
c:\documents and settings\Géza\Application Data\Microsoft\Clip Organizer\Offic10.MGC
c:\windows\Installer\787e31.msp
c:\windows\Installer\788833.msp
c:\windows\Installer\791dc39.msp
c:\windows\Installer\798f2cc.msp
c:\windows\Installer\7c37ed4.msp
c:\windows\Installer\7c61db.msp
c:\windows\Installer\7cdf153.msp
c:\windows\Installer\7df4cfe.msp
c:\windows\Installer\7f2b408.msp
c:\windows\Installer\801200c.msp
c:\windows\Installer\8052d57.msp
c:\windows\Installer\80585e7.msp
c:\windows\Installer\8074d3.msp
c:\windows\Installer\80a1ee8.msp
c:\windows\Installer\80b28a7.msp
c:\windows\Installer\81948be.msp
c:\windows\Installer\832eef7.msp
c:\windows\Installer\843ca55.msp
c:\windows\Installer\844e5c.msp
c:\windows\Installer\84ea6d.msp
c:\windows\Installer\85f844b.msp
c:\windows\Installer\874f1d4.msp
c:\windows\Installer\87b4f7.msp
c:\windows\Installer\883e6b.msp
c:\windows\Installer\8c959f.msp
c:\windows\Installer\8ca4769.msp
c:\windows\Installer\8cc143.msp
c:\windows\Installer\96d35dc.msp
c:\windows\Installer\9a4a265.msp
c:\windows\Installer\9bb515.msp
c:\windows\Installer\9e2f21e.msp
c:\windows\Installer\a0eb5.msp
c:\windows\Installer\a14d84.msp
c:\windows\Installer\a35143.msp
c:\windows\Installer\a3b32a.msp
c:\windows\Installer\a4092a.msp
c:\windows\Installer\a41639.msp
c:\windows\Installer\a5daf.msp
c:\windows\Installer\a5f682.msp
c:\windows\Installer\a62c19.msp
c:\windows\Installer\a63fcb9.msp
c:\windows\Installer\a8c69a.msp
c:\windows\Installer\aa5e22.msp
c:\windows\Installer\ab324b.msp
c:\windows\Installer\ac0673.msp
c:\windows\Installer\ac4801f.msp
c:\windows\Installer\aca44a.msp
c:\windows\Installer\adaadc.msp
c:\windows\Installer\ae49571.msp
c:\windows\Installer\b07af4.msp
c:\windows\Installer\b2004c.msp
c:\windows\Installer\b74a0e.msp
c:\windows\Installer\b7ca99.msp
c:\windows\Installer\b96250.msp
c:\windows\Installer\bb762c.msp
c:\windows\Installer\be4f9a.msp
c:\windows\Installer\bf0250.msp
c:\windows\Installer\bf51f7.msp
c:\windows\Installer\bf574c9.msp
c:\windows\Installer\c032926.msp
c:\windows\Installer\c16825.msp
c:\windows\Installer\c22991.msp
c:\windows\Installer\c2bbce.msp
c:\windows\Installer\c38345.msp
c:\windows\Installer\c46642.msp
c:\windows\Installer\c89fec.msp
c:\windows\Installer\c985959.msp
c:\windows\Installer\ca4b0c.msp
c:\windows\Installer\d009493.msp
c:\windows\Installer\d059a5.msp
c:\windows\Installer\d2610e.msp
c:\windows\Installer\d2add6.msp
c:\windows\Installer\d6d149.msp
c:\windows\Installer\d8682e4.msp
c:\windows\Installer\d894a4.msp
c:\windows\Installer\da49b6.msp
c:\windows\Installer\dec396.msp
c:\windows\Installer\e3f4c0.msp
c:\windows\Installer\e414da.msp
c:\windows\Installer\e682fc.msp
c:\windows\Installer\e8b4b1.msp
c:\windows\Installer\e9ddfe.msp
c:\windows\Installer\eaeb67.msp
c:\windows\Installer\ebb781.msp
c:\windows\Installer\edc86f.msp
c:\windows\Installer\f3b9fb.msp
c:\windows\Installer\f49fb7.msp
c:\windows\Installer\f4dabd.msp
c:\windows\Installer\feb10c.msp
c:\windows\Installer\fff39e.msp
c:\windows\system32\ieuinit.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OREANS32
-------\Service_oreans32


((((((((((((((((((((((((( Files Created from 2009-08-15 to 2009-09-15 )))))))))))))))))))))))))))))))
.

2009-09-13 20:09 . 2009-09-13 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-10 23:52 . 2009-09-10 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-09-10 23:52 . 2009-09-10 23:52 -------- d-----w- c:\program files\McAfee Security Scan
2009-09-08 01:17 . 2009-09-08 01:17 -------- d-----w- c:\program files\Trend Micro
2009-09-08 01:12 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 01:12 . 2009-09-08 01:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-08 01:12 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 01:12 . 2009-09-08 01:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-06 12:35 . 2009-09-06 12:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-06 12:28 . 2009-09-10 18:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-06 12:28 . 2009-09-06 12:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-06 01:13 . 2009-09-06 01:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-09-05 16:50 . 2009-09-05 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-08-27 21:29 . 2009-08-27 21:29 -------- d-----w- c:\program files\Audacity
2009-08-27 21:27 . 2009-08-27 21:27 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-08-27 16:29 . 2009-09-10 13:48 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-22 12:57 . 2009-08-22 12:57 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-22 12:57 . 2009-08-22 12:57 -------- d-----w- c:\program files\MSBuild
2009-08-22 12:57 . 2009-08-22 12:57 -------- d-----w- c:\program files\Reference Assemblies
2009-08-22 12:56 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-22 12:56 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-22 12:56 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-22 12:56 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-22 12:56 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-22 12:56 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-22 12:56 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-22 12:56 . 2009-08-22 18:32 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-22 12:53 . 2009-08-22 12:53 -------- d-----w- c:\program files\MSXML 6.0
2009-08-20 11:43 . 2009-08-20 11:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-15 13:04 . 2001-10-26 12:00 467292 ----a-w- c:\windows\system32\perfh00E.dat
2009-09-15 13:04 . 2001-10-26 12:00 108702 ----a-w- c:\windows\system32\perfc00E.dat
2009-09-15 01:38 . 2008-12-10 07:00 -------- d-----w- c:\program files\World of Warcraft
2009-09-11 11:04 . 2007-12-28 17:32 -------- d-----w- c:\program files\Vstplugins
2009-09-10 23:09 . 2008-06-15 18:25 -------- d-----w- c:\program files\Electronic Arts
2009-09-10 17:49 . 2008-11-02 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\2DBoy
2009-09-10 17:47 . 2009-08-03 14:19 -------- d-----w- c:\program files\Acro Software
2009-09-07 13:00 . 2009-08-03 00:59 -------- d-----w- c:\program files\u-he
2009-09-06 12:35 . 2007-11-12 10:23 -------- d-----w- c:\program files\Lavasoft
2009-09-06 12:35 . 2009-07-17 17:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-05 21:50 . 2008-02-28 18:46 -------- d-----w- c:\program files\Phun
2009-09-05 16:50 . 2008-09-27 02:58 -------- d-----w- c:\program files\ESET
2009-08-18 23:07 . 2007-11-15 00:32 -------- d-----w- c:\program files\Winamp
2009-08-05 10:07 . 2008-04-20 23:59 -------- d-----w- c:\program files\Google
2009-08-05 09:08 . 2004-08-17 14:47 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 00:58 . 2009-08-03 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Acoustica
2009-07-22 02:31 . 2001-10-26 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-07-20 13:34 . 2009-07-20 13:34 -------- d-----w- c:\program files\EA Games
2009-07-19 02:44 . 2007-11-12 11:14 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-07-19 00:37 . 2009-07-18 20:55 -------- d-----w- c:\program files\Project64 v1.5
2009-07-17 19:01 . 2004-08-17 14:46 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 17:10 . 2009-07-17 17:10 -------- d-----w- c:\program files\Ventrilo
2009-07-13 21:43 . 2004-08-17 14:47 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-26 16:20 . 2004-08-17 14:47 659968 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:20 . 2004-08-17 14:47 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 18:37 . 2004-08-17 14:47 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:37 . 2004-08-17 14:47 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:37 . 2004-08-17 14:47 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:37 . 2004-08-17 14:47 503808 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:37 . 2004-08-17 14:47 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:37 . 2004-08-17 14:47 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:37 . 2004-08-17 14:47 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:37 . 2004-08-17 14:47 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:37 . 2004-08-17 14:47 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 18:37 . 2004-08-17 14:47 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:37 . 2004-08-17 14:47 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:37 . 2004-08-17 14:47 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 08:48 . 2004-08-17 14:47 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:48 . 2004-08-17 14:47 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:48 . 2004-08-17 14:47 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:48 . 2004-08-17 14:47 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:48 . 2004-08-17 14:47 728064 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:48 . 2004-08-17 14:47 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-22 11:49 . 2004-08-17 14:48 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-17 14:48 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-17 14:48 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-03 20:58 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:34 . 2004-08-03 20:59 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2009-07-30 1935360]
"Google Update"="c:\documents and settings\Géza\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-18 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-26 8523776]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-17 136600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-30 77824]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-04-09 200704]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-31 307200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-26 81920]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-28 2029640]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-10 16126464]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-04-04 1822720]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-26 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Géza\Start Menu\Programs\Indítópult\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-10-23 575488]
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-9-26 393216]

c:\documents and settings\All Users\Start Menu\Programs\Indítópult\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2008-4-9 49220]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2007-12-8 593920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI1"=diomidi.dll
"wave1"=Digi32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Sorenson Media\\Sorenson Squeeze\\Squeeze.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Avid\\Avid Media Composer\\AvidMediaComposer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009.05.28. 11:12 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009.05.28. 11:12 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009.05.28. 11:12 731840]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2004.02.02. 21:08 33792]
R3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\drivers\nvnusbaudio.sys [2007.12.14. 15:39 26112]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2008.10.02. 20:32 4224]
S2 gupdate1c9f014b550680c;Google Update Service (gupdate1c9f014b550680c);c:\program files\Google\Update\GoogleUpdate.exe [2009.06.18. 15:00 133104]
S3 scramby_out;Scramby Output;c:\windows\system32\drivers\scramby_out.sys [2007.08.08. 10:31 23840]
S3 voxthing;Voice Thing service;c:\windows\system32\drivers\voxthing.sys [2007.07.20. 15:30 14208]
.
Contents of the 'Scheduled Tasks' folder

2009-09-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2009-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-18 12:59]

2009-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-18 12:59]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportálás Microsoft Excel formátumba - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Letöltés a FlashGet-tel - c:\program files\FlashGet\jc_link.htm
IE: Minden letöltése a FlashGet-tel - c:\program files\FlashGet\jc_all.htm
TCP: {F2567CE2-C0B7-416A-836E-BD86D143CF72} = 84.2.46.1,84.2.44.1
FF - ProfilePath - c:\documents and settings\Géza\Application Data\Mozilla\Firefox\Profiles\0pu6yxwy.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-RocketDock - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
HKCU-Run-Dimag - (no file)
AddRemove-Acoustica Effects Pack - c:\progra~1\Acoustica Shared Effects\UNWISE.EXE
AddRemove-Acoustica Mixcraft 4.5 - c:\progra~1\Acoustica Mixcraft 4\Unwise.exe
AddRemove-KORG Legacy Collection - DIGITAL EDITION v1.0.0 - c:\progra~1\KORG\KORGLE~1\UNWISE.EXE
AddRemove-ReCycle v2.1 - c:\progra~1\Recycle\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-15 15:28
Windows 5.1.2600 Szervizcsomag 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-796845957-343818398-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ef,2f,cb,9c,1d,ac,d0,e9,9e,7f,4b,e8,40,71,b3,0b,90,da,55,ea,50,44,e8,
27,9f,d2,cb,c3,6f,37,ac,4a,85,5f,aa,39,ef,9b,72,c3,02,0e,60,8d,59,bc,95,31,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-796845957-343818398-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:e9,2d,1a,aa,72,c7,8d,4d,b6,3d,3d,92,c8,e0,e7,3e,b7,e8,64,9e,91,
f1,32,fe,5a,c3,6b,c4,e9,e4,59,52,e7,5c,7c,54,44,79,1e,0b,96,c5,d5,46,58,00,\
"rkeysecu"=hex:ff,6e,8e,d7,2e,02,ad,27,7d,a0,74,2f,8d,32,b4,cc

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:87,f2,cc,c8,0c,7a,12,b3,75,85,13,71,bb,94,7f,51,1c,0f,c2,ad,68,
94,a2,b2,96,29,cb,b3,1c,0b,c2,0b,4b,75,e2,6e,fd,ac,af,c6,dd,9a,9b,8e,3d,b3,\

[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AVX\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]
@DACL=
"DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}"

[HKEY_LOCAL_MACHINE\software\Microsoft\DirectInput\Compatibility\CLIENT2._EXE35FEFABD00088200*]
@DACL=
"MaxDeviceNameLen"="54??8890000%Â|45b5"
"NoPollSucceed"="{B1A25EC6-2015-3F5B-B615-8D3E6F26A108}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]
@DACL=
"CTE_32 Name"="2454745:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Install*Loc\fp0-{BAC84E26-D9CB-5B7D-F269-F868A3430697}\Version 1.1]
@DACL=
"dat"="806585365:{98A65D25-854F-D88A-4365-EDF2E6D60835}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]
@DACL=
"DefaultSettings"="2454766:{37C8840C-72FD-B1F6-4FC1-23A6EF5B6255}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\{F6757B2E-8486-7DD9-E9EC-501414C36A43}*\Install*Loc\fp0\dat]
@DACL=
"default"="516231384:{0A6B596A-9759-979C-47F6-C2DAD87CDDF7}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\fp0-{BAC84E26-D9CB-5B7D-F269-F868A3430697}\Version 3.x]
@DACL=
"dat"="1767914624:{734C87F3-6F92-6267-54D1-9D584F3DDBD8}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smase._dll*]
@DACL=
"AplicationGoo"="b9)#8330000?ála5b5Ö"
"ChkAppHelp"="{55301081-0788-4017-AB59-FB66F27A3389}"

[HKEY_LOCAL_MACHINE\software\Microsoft\WinXGA*\Providers*\{D41D8CD9-8F00-B204-E980-0998ECF8427E}\Current*Set\fp0\ver]
@DACL=
"KnownSvcs"="923715111:{72A9D8A8-B9DC-E6A3-2A35-A13EED5FC449}"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:87,f2,cc,c8,0c,7a,12,b3,75,85,13,71,bb,94,7f,51,1c,0f,c2,ad,68,
94,a2,b2,96,29,cb,b3,1c,0b,c2,0b,4b,75,e2,6e,fd,ac,af,c6,dd,9a,9b,8e,3d,b3,\

[HKEY_LOCAL_MACHINE\software\XBMga*\UUIDs\{FF42725B-FF70-1686-0D9D-25B0FF784FC1}\fp0\Install*Loc]
@DACL=
"{19620715-0001-1211-574574-30001}"="234522611:{A6B206E0-F034-0FED-9E18-163292034F06}"

[HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AVX\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]
@DACL=
"CTE_32 Name"="4:{19C42D30-D844-8A07-12A4-E783E7D228F7}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3428)
c:\windows\system32\nview.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\10\1038\OWCI10.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\11\1038\OWCI11.DLL
c:\windows\system32\shdoclc.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\OpenOffice.org 2.3\program\soffice.exe
c:\program files\OpenOffice.org 2.3\program\soffice.bin
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-15 15:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-15 13:33

Pre-Run: 29 139 378 176 bájt szabad
Post-Run: 29 031 976 960 bájt szabad

810 --- E O F --- 2009-09-15 03:41
gulliverfoyle
Active Member
 
Posts: 12
Joined: September 10th, 2009, 8:12 pm

Re: Hijack this log - gulliverfoyle

Unread postby gulliverfoyle » September 15th, 2009, 9:43 am

And here is the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:43:23, on 2009.09.15.
Platform: Windows XP Szervizcsomag 2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hivatkozások
O2 - BHO: Adobe PDF Reader hivatkozássúgó - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live bejelentkezési segítség - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Géza\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xportálás Microsoft Excel formátumba - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Letöltés a FlashGet-tel - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Minden letöltése a FlashGet-tel - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Kutatás - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2567CE2-C0B7-416A-836E-BD86D143CF72}: NameServer = 84.2.46.1,84.2.44.1
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9f014b550680c) (gupdate1c9f014b550680c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8214 bytes
gulliverfoyle
Active Member
 
Posts: 12
Joined: September 10th, 2009, 8:12 pm

Re: Hijack this log - gulliverfoyle

Post by Shaba » September 15th, 2009, 11:29 am

Please install the Recovery Console as instructed in my link, rerun ComboFix and post back a fresh ComboFix log :)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Hijack this log - gulliverfoyle

Post by gulliverfoyle » September 16th, 2009, 10:27 am

Sorry, my understanding was that the Recovery Console would be installed automatically during the ComboFix scan.
Anyway, here is the correct log now, and the HijackThis log is in my next post. (Note: this time ComboFix didn't reboot my computer after it finished the scan, and I haven't received any 'process terminating' error messages from various programs like I did before...)


ComboFix 09-09-14.02 - Géza 009.09.16. 16:08.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.36.1038.18.2047.1492 [GMT 2:00]
Running from: c:\documents and settings\Géza\Asztal\ComboFix.exe
Command switches used :: c:\documents and settings\Géza\Asztal\WindowsXP-KB310994-SP2-Pro-BootDisk-HUN.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((( Files Created from 2009-08-16 to 2009-09-16 )))))))))))))))))))))))))))))))
.

2009-09-16 12:11 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-09-16 12:11 . 2009-09-16 12:11 -------- d-----w- c:\windows\ie8updates
2009-09-16 12:10 . 2009-07-03 16:59 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-16 12:10 . 2009-07-03 16:59 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-09-16 12:10 . 2009-07-03 16:59 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-16 12:10 . 2009-07-03 16:59 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-09-16 12:10 . 2009-07-03 16:59 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-16 12:10 . 2009-07-19 16:47 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-09-16 12:09 . 2009-09-16 12:10 -------- d-----w- c:\windows\system32\hu-HU
2009-09-16 12:09 . 2009-09-16 12:09 -------- dc-h--w- c:\windows\ie8
2009-09-13 20:09 . 2009-09-13 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-10 23:52 . 2009-09-10 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-09-10 23:52 . 2009-09-10 23:52 -------- d-----w- c:\program files\McAfee Security Scan
2009-09-08 01:17 . 2009-09-08 01:17 -------- d-----w- c:\program files\Trend Micro
2009-09-08 01:12 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 01:12 . 2009-09-08 01:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-08 01:12 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 01:12 . 2009-09-08 01:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-06 12:35 . 2009-09-06 12:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-06 12:28 . 2009-09-10 18:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-06 12:28 . 2009-09-06 12:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-06 01:13 . 2009-09-06 01:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-09-05 16:50 . 2009-09-05 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-08-27 21:29 . 2009-08-27 21:29 -------- d-----w- c:\program files\Audacity
2009-08-27 21:27 . 2009-08-27 21:27 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-08-27 16:29 . 2009-09-10 13:48 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-22 12:57 . 2009-08-22 12:57 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-22 12:57 . 2009-08-22 12:57 -------- d-----w- c:\program files\MSBuild
2009-08-22 12:57 . 2009-08-22 12:57 -------- d-----w- c:\program files\Reference Assemblies
2009-08-22 12:56 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-22 12:56 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-22 12:56 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-22 12:56 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-22 12:56 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-22 12:56 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-22 12:56 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-22 12:56 . 2009-08-22 18:32 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-22 12:53 . 2009-08-22 12:53 -------- d-----w- c:\program files\MSXML 6.0
2009-08-20 11:43 . 2009-08-20 11:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-16 12:01 . 2001-10-26 12:00 467292 ----a-w- c:\windows\system32\perfh00E.dat
2009-09-16 12:01 . 2001-10-26 12:00 108702 ----a-w- c:\windows\system32\perfc00E.dat
2009-09-15 01:38 . 2008-12-10 07:00 -------- d-----w- c:\program files\World of Warcraft
2009-09-11 11:04 . 2007-12-28 17:32 -------- d-----w- c:\program files\Vstplugins
2009-09-10 23:09 . 2008-06-15 18:25 -------- d-----w- c:\program files\Electronic Arts
2009-09-10 17:49 . 2008-11-02 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\2DBoy
2009-09-10 17:47 . 2009-08-03 14:19 -------- d-----w- c:\program files\Acro Software
2009-09-07 13:00 . 2009-08-03 00:59 -------- d-----w- c:\program files\u-he
2009-09-06 12:35 . 2007-11-12 10:23 -------- d-----w- c:\program files\Lavasoft
2009-09-06 12:35 . 2009-07-17 17:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-05 21:50 . 2008-02-28 18:46 -------- d-----w- c:\program files\Phun
2009-09-05 16:50 . 2008-09-27 02:58 -------- d-----w- c:\program files\ESET
2009-08-18 23:07 . 2007-11-15 00:32 -------- d-----w- c:\program files\Winamp
2009-08-05 10:07 . 2008-04-20 23:59 -------- d-----w- c:\program files\Google
2009-08-05 09:08 . 2004-08-17 14:47 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 00:58 . 2009-08-03 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Acoustica
2009-07-22 02:31 . 2001-10-26 12:00 4224 ------w- c:\windows\system32\drivers\beep.sys
2009-07-20 13:34 . 2009-07-20 13:34 -------- d-----w- c:\program files\EA Games
2009-07-19 02:44 . 2007-11-12 11:14 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-07-19 00:37 . 2009-07-18 20:55 -------- d-----w- c:\program files\Project64 v1.5
2009-07-17 19:01 . 2004-08-17 14:46 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-17 14:47 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:59 . 2004-08-17 14:47 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 18:37 . 2004-08-17 14:47 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:37 . 2004-08-17 14:47 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:37 . 2004-08-17 14:47 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:37 . 2004-08-17 14:47 503808 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:37 . 2004-08-17 14:47 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:37 . 2004-08-17 14:47 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:37 . 2004-08-17 14:47 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:37 . 2004-08-17 14:47 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:37 . 2004-08-17 14:47 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 18:37 . 2004-08-17 14:47 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:37 . 2004-08-17 14:47 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:37 . 2004-08-17 14:47 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 08:48 . 2004-08-17 14:47 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:48 . 2004-08-17 14:47 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:48 . 2004-08-17 14:47 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:48 . 2004-08-17 14:47 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:48 . 2004-08-17 14:47 728064 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:48 . 2004-08-17 14:47 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-22 11:49 . 2004-08-17 14:48 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-17 14:48 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-17 14:48 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-03 20:58 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:34 . 2004-08-03 20:59 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2009-07-30 1935360]
"Google Update"="c:\documents and settings\Géza\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-18 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-26 8523776]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-17 136600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-30 77824]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-04-09 200704]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-31 307200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-26 81920]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-28 2029640]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-04-10 16126464]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-04-04 1822720]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-26 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\Géza\Start Menu\Programs\Indítópult\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-10-23 575488]
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-9-26 393216]

c:\documents and settings\All Users\Start Menu\Programs\Indítópult\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2008-4-9 49220]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2007-12-8 593920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI1"=diomidi.dll
"wave1"=Digi32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Sorenson Media\\Sorenson Squeeze\\Squeeze.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enGB-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Avid\\Avid Media Composer\\AvidMediaComposer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009.05.28. 11:12 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009.05.28. 11:12 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009.05.28. 11:12 731840]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2004.02.02. 21:08 33792]
R3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\drivers\nvnusbaudio.sys [2007.12.14. 15:39 26112]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2008.10.02. 20:32 4224]
S2 gupdate1c9f014b550680c;Google Update Service (gupdate1c9f014b550680c);c:\program files\Google\Update\GoogleUpdate.exe [2009.06.18. 15:00 133104]
S3 scramby_out;Scramby Output;c:\windows\system32\drivers\scramby_out.sys [2007.08.08. 10:31 23840]
S3 voxthing;Voice Thing service;c:\windows\system32\drivers\voxthing.sys [2007.07.20. 15:30 14208]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2009-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-18 12:59]

2009-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-18 12:59]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel format - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Download all with FlashGet - c:\program files\FlashGet\jc_all.htm
TCP: {F2567CE2-C0B7-416A-836E-BD86D143CF72} = 84.2.46.1,84.2.44.1
FF - ProfilePath - c:\documents and settings\Géza\Application Data\Mozilla\Firefox\Profiles\0pu6yxwy.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-KORG Legacy Collection - DIGITAL EDITION v1.0.0 - c:\progra~1\KORG\KORGLE~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-16 16:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-796845957-343818398-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ef,2f,cb,9c,1d,ac,d0,e9,9e,7f,4b,e8,40,71,b3,0b,90,da,55,ea,50,44,e8,
27,9f,d2,cb,c3,6f,37,ac,4a,85,5f,aa,39,ef,9b,72,c3,02,0e,60,8d,59,bc,95,31,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-796845957-343818398-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:e9,2d,1a,aa,72,c7,8d,4d,b6,3d,3d,92,c8,e0,e7,3e,b7,e8,64,9e,91,
f1,32,fe,5a,c3,6b,c4,e9,e4,59,52,e7,5c,7c,54,44,79,1e,0b,96,c5,d5,46,58,00,\
"rkeysecu"=hex:ff,6e,8e,d7,2e,02,ad,27,7d,a0,74,2f,8d,32,b4,cc

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:87,f2,cc,c8,0c,7a,12,b3,75,85,13,71,bb,94,7f,51,1c,0f,c2,ad,68,
94,a2,b2,96,29,cb,b3,1c,0b,c2,0b,4b,75,e2,6e,fd,ac,af,c6,dd,9a,9b,8e,3d,b3,\

[HKEY_LOCAL_MACHINE\software\GenArts\Sapphire AVX\Install-{EC3F6705-85EF-4FB1-4E30-80781324E273}\Data*]
@DACL=
"DefaultSettings"="99:{C6DDA450-F687-55DF-CA23-1A5083308C5D}"

[HKEY_LOCAL_MACHINE\software\Microsoft\DirectInput\Compatibility\CLIENT2._EXE35FEFABD00088200*]
@DACL=
"MaxDeviceNameLen"="54??8890000%Â|45b5"
"NoPollSucceed"="{B1A25EC6-2015-3F5B-B615-8D3E6F26A108}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install*Loc\VxDs]
@DACL=
"CTE_32 Name"="2454745:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Install*Loc\fp0-{BAC84E26-D9CB-5B7D-F269-F868A3430697}\Version 1.1]
@DACL=
"dat"="806585365:{98A65D25-854F-D88A-4365-EDF2E6D60835}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\z*\{{05FF8CB8-4942-FCF6-301D-6930181DE865}}]
@DACL=
"DefaultSettings"="2454766:{37C8840C-72FD-B1F6-4FC1-23A6EF5B6255}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\{F6757B2E-8486-7DD9-E9EC-501414C36A43}*\Install*Loc\fp0\dat]
@DACL=
"default"="516231384:{0A6B596A-9759-979C-47F6-C2DAD87CDDF7}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Install VBX*\Current*Version\Install*Loc\fp0-{BAC84E26-D9CB-5B7D-F269-F868A3430697}\Version 3.x]
@DACL=
"dat"="1767914624:{734C87F3-6F92-6267-54D1-9D584F3DDBD8}"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smase._dll*]
@DACL=
"AplicationGoo"="b9)#8330000?ála5b5Ö"
"ChkAppHelp"="{55301081-0788-4017-AB59-FB66F27A3389}"

[HKEY_LOCAL_MACHINE\software\Microsoft\WinXGA*\Providers*\{D41D8CD9-8F00-B204-E980-0998ECF8427E}\Current*Set\fp0\ver]
@DACL=
"KnownSvcs"="923715111:{72A9D8A8-B9DC-E6A3-2A35-A13EED5FC449}"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:87,f2,cc,c8,0c,7a,12,b3,75,85,13,71,bb,94,7f,51,1c,0f,c2,ad,68,
94,a2,b2,96,29,cb,b3,1c,0b,c2,0b,4b,75,e2,6e,fd,ac,af,c6,dd,9a,9b,8e,3d,b3,\

[HKEY_LOCAL_MACHINE\software\XBMga*\UUIDs\{FF42725B-FF70-1686-0D9D-25B0FF784FC1}\fp0\Install*Loc]
@DACL=
"{19620715-0001-1211-574574-30001}"="234522611:{A6B206E0-F034-0FED-9E18-163292034F06}"

[HKEY_LOCAL_MACHINE\software\xGenArts\Sapphire AVX\DLL ver*\{A6D90D08-68DD-2B46-E2AC-5782669B2696}]
@DACL=
"CTE_32 Name"="4:{19C42D30-D844-8A07-12A4-E783E7D228F7}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1600)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\10\1038\OWCI10.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\program files\Common Files\Microsoft Shared\Web Components\11\1038\OWCI11.DLL
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-16 16:12
ComboFix-quarantined-files.txt 2009-09-16 14:12
ComboFix2.txt 2009-09-16 14:00
ComboFix3.txt 2009-09-15 13:33

Pre-Run: 28 652 638 208 bytes free
Post-Run: 28 633 440 256 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-HUN.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional - Hungarian" /noexecute=optin /fastdetect

283 --- E O F --- 2009-09-16 12:11
gulliverfoyle
Active Member
 
Posts: 12
Joined: September 10th, 2009, 8:12 pm

Re: Hijack this log - gulliverfoyle

Post by gulliverfoyle » September 16th, 2009, 10:29 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:19:25, on 2009.09.16.
Platform: Windows XP Service Pack 2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Curse\CurseClient.exe
C:\Documents and Settings\Géza\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Géza\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel format - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2567CE2-C0B7-416A-836E-BD86D143CF72}: NameServer = 84.2.46.1,84.2.44.1
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9f014b550680c) (gupdate1c9f014b550680c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8678 bytes
gulliverfoyle
Active Member
 
Posts: 12
Joined: September 10th, 2009, 8:12 pm
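The two HijackThis logs in this thread are read by eye. As an added example that is not part of the original posts (editor's code, not the forum's or Trend Micro's tooling), here is a small Python triage script that parses the O4, O17 and O23 lines of a HijackThis 2.0.2 log and flags the things a helper checks first: Run-key autoruns given as a bare file name (resolved through PATH or App Paths at logon rather than a full path), autoruns launched from a user-profile directory, Global Startup shortcuts whose target HijackThis could not resolve (shown as "= ?"), and the O17 NameServer list compared against the resolvers the caller expects. The sample lines are copied from the log posted above; the expected_dns set is an assumption supplied by the caller, and every flag is a triage hint, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Sample input: a subset of lines copied verbatim from the HijackThis log
# posted above (nothing here is invented).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Géza\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2567CE2-C0B7-416A-836E-BD86D143CF72}: NameServer = 84.2.46.1,84.2.44.1
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

LINE_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (?P<link>.+?) = (?P<target>.*)$")
O17_RE = re.compile(r"NameServer = (?P<servers>[\d.,\s]+)$")
# First program token: a quoted path, an unquoted path up to a known extension, or a bare word.
EXE_RE = re.compile(r'^(?P<exe>"[^"]+"|.+?\.(?:exe|dll|cpl|scr|com)\b|\S+)', re.I)


def executable_of(cmd: str) -> str:
    """Return the file a Run-key command actually loads."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    exe = m.group("exe").strip('"')
    rest = cmd[m.end():].strip()
    if exe.upper().endswith("RUNDLL32.EXE") and rest:
        # rundll32 is only a host process; the DLL argument is what was registered
        return rest.split(",", 1)[0].strip().strip('"')
    return exe


def classify_path(exe: str) -> str:
    low = exe.lower()
    if "\\" not in low:
        return "bare"      # no directory: Windows searches App Paths/PATH, so confirm where it really lives
    if low.startswith("c:\\documents and settings\\"):
        return "profile"   # runs from a user profile, a common home for dropped loaders
    return "program"


def parse_hjt(text):
    """Split a HijackThis log into (section, body) pairs, e.g. ('O4', 'HKLM\\..\\Run: ...')."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


@dataclass
class Triage:
    bare_name_autoruns: list = field(default_factory=list)
    profile_autoruns: list = field(default_factory=list)
    unresolved_startup: list = field(default_factory=list)
    dns_servers: list = field(default_factory=list)
    unexpected_dns: list = field(default_factory=list)
    services: list = field(default_factory=list)


def triage(text, expected_dns=frozenset()):
    """expected_dns: the resolvers the machine should be using (caller-supplied assumption)."""
    t = Triage()
    for section, body in parse_hjt(text):
        if section == "O4":
            run = RUN_RE.match(body)
            if run:
                kind = classify_path(executable_of(run.group("cmd")))
                if kind == "bare":
                    t.bare_name_autoruns.append(run.group("name"))
                elif kind == "profile":
                    t.profile_autoruns.append(run.group("name"))
                continue
            lnk = STARTUP_RE.match(body)
            if lnk and lnk.group("target").strip() == "?":
                t.unresolved_startup.append(lnk.group("link"))
        elif section == "O17":
            m = O17_RE.search(body)
            if m:
                servers = [s.strip() for s in m.group("servers").split(",") if s.strip()]
                t.dns_servers.extend(servers)
                if expected_dns:
                    t.unexpected_dns.extend(s for s in servers if s not in expected_dns)
        elif section == "O23":
            t.services.append(body)
    return t


if __name__ == "__main__":
    result = triage(SAMPLE_LOG, expected_dns={"84.2.46.1", "84.2.44.1"})
    for name, items in vars(result).items():
        print(f"{name}: {items}")
```

Run it as-is to see the flags for the sample, or feed a whole saved log through triage(open(path).read(), expected_dns={...}) with the resolvers the ISP or router actually hands out. A hit means "look here", not "infected": RTHDCPL and SkyTel are Realtek audio components, nwiz is NVIDIA's, and Google Update genuinely installs under the user profile, which is exactly why a helper confirms the file on disk rather than trusting the name.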

Re: Hijack this log - gulliverfoyle

Post by Shaba » September 16th, 2009, 11:51 am

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Hijack this log - gulliverfoyle

Post by gulliverfoyle » September 16th, 2009, 3:39 pm

Here is the Kaspersky report. It didn't find anything bad...

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, September 16, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, September 16, 2009 18:19:24
Records in database: 2835796
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan statistics:
Objects scanned: 140176
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:39:10

No threats found. Scanned area is clean.

Selected area has been scanned.
gulliverfoyle
Active Member
 
Posts: 12
Joined: September 10th, 2009, 8:12 pm