Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

My Hijackthis log

Re: My Hijackthis log

Post by masternitro » June 14th, 2010, 4:19 pm

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4196

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928

14-6-2010 13:52:57
mbam-log-2010-06-14 (13-52-57).txt

Scan type: Quick scan
Objects scanned: 123811
Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
masternitro
Regular Member
Posts: 41
Joined: February 20th, 2009, 3:13 pm
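As an added example, not part of masternitro's post and not Malwarebytes' own code, here is a small Python triage script over log lines in the Malwarebytes format shown above. It parses each `item (detection) -> action` line and applies two shape heuristics a reviewer would use on this kind of log: a random-looking key name sitting directly under HKCU\Software (the two Trojan.FakeAlert keys above have that shape) and a GUID-named .job file in C:\Windows\Tasks, the legacy scheduled-task folder the Trojan.Downloader entry lives in. The sample log is constructed from the lines above; the name heuristic is an assumption of this example and will also hit legitimate all-caps names that contain digits, so it ranks entries for a human rather than deciding anything.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the Malwarebytes log format, copied in shape from the post above.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# "<item> (<detection>) -> <action>"; the greedy item group stops at the last "(detection)".
LINE = re.compile(r"^(?P<item>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")
# GUID-named .job file in the legacy Tasks folder.
JOB_TASK = re.compile(r"^[A-Za-z]:\\Windows\\Tasks\\\{[0-9A-Fa-f-]{36}\}\.job$", re.IGNORECASE)
ALLCAPS_ALNUM = re.compile(r"^[A-Z0-9]{8,}$")


@dataclass
class Finding:
    item: str
    detection: str
    action: str
    reasons: list = field(default_factory=list)


def looks_random(name):
    """Heuristic (assumption of this example): 8+ upper-case alphanumerics with a digit
    somewhere between the first and last character. Catches generated names such as
    M5T8QL3YW3; also hits legitimate codes such as KB953595, so it only ranks."""
    if not ALLCAPS_ALNUM.match(name):
        return False
    digits = sum(c.isdigit() for c in name)
    if digits == 0 or digits == len(name):
        return False
    return any(c.isdigit() for c in name[1:-1])


def parse_mbam_log(text):
    """Return one Finding per detection line; headers and blank lines are skipped."""
    return [Finding(m["item"], m["detection"], m["action"])
            for m in map(LINE.match, (l.strip() for l in text.splitlines())) if m]


def annotate(findings):
    """Attach review reasons. Findings without reasons are still detections,
    just without an unusual shape of their own."""
    for f in findings:
        parts = f.item.split("\\")
        if (f.item.upper().startswith("HKEY_CURRENT_USER\\SOFTWARE\\")
                and len(parts) == 3 and looks_random(parts[2])):
            f.reasons.append("random-looking key name directly under HKCU\\Software")
        if JOB_TASK.match(f.item):
            f.reasons.append("GUID-named .job in the legacy C:\\Windows\\Tasks folder")
    return findings


if __name__ == "__main__":
    for f in annotate(parse_mbam_log(SAMPLE_LOG)):
        flag = "REVIEW" if f.reasons else "      "
        print(f"{flag} {f.detection:18} {f.item}  {'; '.join(f.reasons)}")
```

Run against the sample, the two generated-looking keys and the .job file come out marked REVIEW while Microsoft\Handle and XML, which the scanner also removed, carry no extra reason; the point of the shape checks is to tell the reviewer which of a scanner's hits deserve a look at what created them.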

Re: My Hijackthis log

Post by masternitro » June 14th, 2010, 4:34 pm

GMER still freezes even in safe mode.
When I click Scan it scans, but after a few seconds it gives a message that it doesn't work anymore and I have to close it.

I still need to do the other scan?

I get this message quite often lately:
[image]

Translation (not 100% correct):
Enhanced On-Access Anti-Malware Service. Stopped working and has closed.

There has been a problem because of which the application doesn't work properly anymore.
You will receive a message when there is a solution available.

Re: My Hijackthis log

Post by vict0r » June 14th, 2010, 4:40 pm

Yes, please do the DDS scan.
vict0r
Regular Member
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: My Hijackthis log

Post by masternitro » June 14th, 2010, 5:03 pm

DDS (Ver_10-03-17.01) - NTFSx86
Run by Daniel at 23:00:36,96 on ma 14-06-2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3327.1492 [GMT 2:00]

AV: Panda Antivirus + Firewall 2008 *On-access scanning disabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
SP: Panda Antivirus + Firewall 2008 *disabled* (Updated) {FE6602D3-1E71-4EBB-B4E3-D1C9CBDAF0A1}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: Panda Antivirus 2008 Personal Firewall *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PskSvc.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\amBX\Control Panel\amBXDaemon.exe
C:\Program Files\amBX\Gaming FXGen\win32\amBXFxGen.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\amBX\Illuminate\Illuminate.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\amBX\System\amBX_Service.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\amBX\Device Drivers\Philips USB\Philips_HAL_Starter.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsImSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\amBX\Device Drivers\Philips USB\Philips_amBX_USB_HAL.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\javaw.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Daniel\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.hyves.nl/
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 174.142.104.57:3128
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [recinfo] c:\recinfo\recinfo.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Windows Runtime] c:\users\daniel\javalib.jar
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NPCTray] c:\program files\norman\npc\bin\npc_tray.exe /LOAD
mRun: [APVXDWIN] "c:\program files\panda security\panda antivirus + firewall 2008\APVXDWIN.EXE" /s
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [amBX Daemon] "c:\program files\ambx\control panel\amBXDaemon.exe"
mRun: [amBX System Tray Application] c:\program files\ambx\gaming fxgen\win32\amBXFxGen.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [fsc-reg] c:\fsc-reg\fscreg.exe
StartupFolder: c:\users\daniel\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ambxef~1.lnk - c:\program files\ambx\effects\amBX Event Manager.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ambxil~1.lnk - c:\program files\ambx\illuminate\Illuminate.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\panda security\panda antivirus + firewall 2008\pavlsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avldr - avldr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\daniel\appdata\roaming\mozilla\firefox\profiles\gycgfuwj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hyves.nl/
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2008-8-24 71608]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2008-8-24 51256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2008-8-24 21816]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2008-8-24 191672]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2008-8-24 132664]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2008-8-24 38968]
R1 SMSFLT;SMS Filter Plugin;c:\windows\system32\drivers\smsflt.sys [2008-8-24 37304]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2008-8-24 30648]
R2 amBX Service;amBX Service;c:\program files\ambx\system\amBX_Service.exe [2008-4-17 599552]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8660.sys [2008-8-24 46648]
R2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2008-8-24 13880]
R2 cpoint;Panda CPoint Driver;c:\windows\system32\drivers\cpoint.sys [2008-8-24 24760]
R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda antivirus + firewall 2008\PsCtrlS.exe [2008-8-24 169264]
R2 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda antivirus + firewall 2008\PavFnSvr.exe [2008-8-24 173360]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2008-8-24 178872]
R2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda software\pavshld\PavPrSrv.exe [2008-8-24 63024]
R2 Philips HAL Starter;Philips HAL Starter;c:\program files\ambx\device drivers\philips usb\Philips_HAL_Starter.exe [2008-6-9 10752]
R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda antivirus + firewall 2008\psksvc.exe [2008-8-24 27696]
R3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97;c:\windows\system32\drivers\netimflt.sys [2008-8-24 143160]
R3 Philips amBX USB HAL;Philips amBX USB HAL;c:\program files\ambx\device drivers\philips usb\Philips_amBX_USB_HAL.exe [2008-6-9 540672]
S2 gupdate1c9cd04468bf89c;Google Updateservice (gupdate1c9cd04468bf89c);c:\program files\google\update\GoogleUpdate.exe [2009-5-5 133104]
S2 PAVSRV;Panda anti-virus service;c:\program files\panda security\panda antivirus + firewall 2008\pavsrvx86.exe [2008-8-24 165680]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe --> c:\program files\magix\common\database\bin\fbserver.exe [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-7-25 36608]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-4-19 13224]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-4-19 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-4-19 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-4-19 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-4-19 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-4-19 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-4-19 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-4-19 115752]

=============== Created Last 30 ================

2010-06-14 13:55:07 65536 --sha-w- c:\users\daniel\ntuser.dat{9f623f3f-ca16-11de-8f09-cba68067f5bf}.TxR.blf
2010-06-14 13:55:07 1048576 --sha-w- c:\users\daniel\ntuser.dat{9f623f3f-ca16-11de-8f09-cba68067f5bf}.TxR.2.regtrans-ms
2010-06-14 13:55:07 1048576 --sha-w- c:\users\daniel\ntuser.dat{9f623f3f-ca16-11de-8f09-cba68067f5bf}.TxR.1.regtrans-ms
2010-06-14 13:55:07 1048576 --sha-w- c:\users\daniel\ntuser.dat{9f623f3f-ca16-11de-8f09-cba68067f5bf}.TxR.0.regtrans-ms
2010-06-14 11:46:44 0 d-----w- c:\users\daniel\appdata\roaming\Malwarebytes
2010-06-14 11:46:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-14 11:46:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-14 11:46:34 0 d-----w- c:\programdata\Malwarebytes
2010-06-14 11:46:34 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-26 14:42:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 14:09:51 0 d-----w- c:\programdata\Sun
2010-05-25 14:08:38 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-24 12:25:34 0 d-----w- c:\programdata\Insight Software Solutions
2010-05-24 12:25:34 0 d-----w- c:\programdata\Insight Software
2010-05-24 12:25:32 0 d-----w- c:\program files\common files\Insight Software Solutions
2010-05-24 12:25:30 0 d-----w- c:\program files\ShortKeys2

==================== Find3M ====================

2010-06-14 21:00:32 1204 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2010-06-14 21:00:32 1204 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2010-06-14 20:31:48 469116 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2010-06-14 20:31:48 469116 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-06-04 13:46:37 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-04 13:46:37 86016 ----a-w- c:\windows\inf\infpub.dat
2010-06-04 13:46:37 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-04 13:33:58 667114 ----a-w- c:\windows\system32\perfh013.dat
2010-06-04 13:33:57 126648 ----a-w- c:\windows\system32\perfc013.dat
2010-06-01 23:41:29 529464 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-05-26 16:16:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25:15 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-12 09:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 13:53:49 2036224 ----a-w- c:\windows\system32\win32k.sys
2010-04-16 16:10:05 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-04-05 16:07:19 67072 ----a-w- c:\windows\system32\asycfilt.dll
2008-07-30 01:14:05 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-04-09 09:49:52 41976 ----a-w- c:\windows\inf\perflib\0413\perfd.dat
2008-04-09 09:49:52 41976 ----a-w- c:\windows\inf\perflib\0413\perfc.dat
2008-04-09 09:49:52 336440 ----a-w- c:\windows\inf\perflib\0413\perfi.dat
2008-04-09 09:49:52 336440 ----a-w- c:\windows\inf\perflib\0413\perfh.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-11-12 19:02:43 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-04-23 13:41:49 88 --sha-r- c:\windows\system32\C1F76A0D61.sys
2009-04-23 13:42:42 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-08-23 12:25:37 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008082320080824\index.dat

============= FINISH: 23:01:50,35 ===============

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 23-8-2008 23:15:43
System Uptime: 14-6-2010 22:29:08 (1 hours ago)

Motherboard: FUJITSU SIEMENS | | MS-7379VP
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | CPU 1 | 2403/267mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 154 GiB total, 38,299 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 161,968 GiB free.
E: is FIXED (NTFS) - 303 GiB total, 33,16 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

Activation Assistant for the 2007 Microsoft Office suites
Adobe Anchor Service CS4
Adobe Color Common Settings
Adobe CSI CS4
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Update Manager CS4
Allok 3GP PSP MP4 iPod Video Converter 4.2.0608
amBX Audio FXGen 3.1.1
amBX Control Panel 1.2.2
amBX Effects 1.1.2
amBX Gaming FXGen 3.5.7
amBX Illuminate 1.0.2
amBX System 1.1.3.2
ATI Catalyst Install Manager
Avanquest update
AVS Audio Converter version 6.1
AVS Update Manager 1.0
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
ccc-core-static
ccc-utility
CCC Help English
CCleaner
Compatibiliteitspakket voor het 2007 Microsoft Office system
Connect
DisplayFusion
DVD Shrink 3.2
GEAR 32bit Driver Installer
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Integrated Performance Primitives RTI 4.0
Java Auto Updater
Java DB 10.4.1.3
Java(TM) 6 Update 20
Java(TM) SE Development Kit 6 Update 11
Junk Mail filter update
K-Lite Codec Pack 4.3.4 (Full)
kuler
Live 7.0.3
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Magic ISO Maker v5.4 (build 0256)
Malwarebytes' Anti-Malware
Medieval CUE Splitter
Microsoft .NET Framework 3.5 Language Pack SP1 - nld
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office PowerPoint Viewer 2007 (Dutch)
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft XML Parser
Mozilla Firefox (3.6.3)
Mp3tag v2.45a
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCH Toolbox
Nero 8 Essentials
neroxml
OJOsoft Total Video Converter
Panda Antivirus + Firewall 2008
Philips amBX V1.4
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
ShortKeys Lite
Skins
Skype web features
Skype™ 4.1
Sony Ericsson PC Suite 4.010.00
Spelling Dictionaries Support For Adobe Reader 8
Suite Shared Configuration CS4
System Requirements Lab
SystemDiagnostics
Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
VCRedistSetup
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VSO Image Resizer 3.0.1.76
Windows-stuurprogrammapakket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
Windows-stuurprogrammapakket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
Windows Live - Hulpprogramma voor uploaden
Windows Live aanmeldhulp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Media Player Firefox Plugin
WinRAR
Wisdom-soft AutoScreenRecorder 1.0 Free
World of Warcraft FREE Trial
YouTube Downloader 2.5.3

==== End Of File ===========================
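As an added example (not from the thread and not DDS's own code), the Python below runs over the Pseudo HJT Report the checks a helper does by eye: Run entries whose target is a bare file name, lies outside Windows or Program Files, sits in a user profile, or is a .jar launched through its file association; a per-user ProxyServer pointing at a public IP; BHO registrations marked No File; and Winlogon Notify DLLs listed without a path. The sample lines are copied from the log above. Everything it flags is for the reviewer to confirm, not a verdict: recinfo and fsc-reg may well be OEM entries (the DDS header names a Fujitsu Siemens board), RtHDVCpl.exe is flagged only because it is unpathed, and avldr could belong to the installed Panda product; the entries a reviewer would look at first are the proxy on 174.142.104.57:3128, the "Windows Runtime" entry pointing at c:\users\daniel\javalib.jar, and the orphaned BHO. The trusted-directory list and the heuristics themselves are assumptions of this example.

```python
import ipaddress
import re
from dataclasses import dataclass

# Sample input: lines copied from the Pseudo HJT Report above.
SAMPLE_HJT = r"""
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 174.142.104.57:3128
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [recinfo] c:\recinfo\recinfo.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Windows Runtime] c:\users\daniel\javalib.jar
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
dRun: [fsc-reg] c:\fsc-reg\fscreg.exe
Notify: avldr - avldr.dll
"""

# Assumption: autostarts under these roots are "expected"; anything else gets a reason attached.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "%programfiles%\\")

RUN_LINE = re.compile(r"^[umd]Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
PROXY_LINE = re.compile(r"^uInternet Settings,ProxyServer = (?P<proxy>\S+)$")
BHO_LINE = re.compile(r"^BHO: .*?\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
NOTIFY_LINE = re.compile(r"^Notify: (?P<name>\S+) - (?P<dll>.+)$")
# First executable token of a command line, quoted or not, tolerating unquoted spaces in the path.
EXE_TOKEN = re.compile(
    r'^"?(?P<path>[^"]+?\.(?:exe|jar|dll|scr|bat|cmd|vbs|com|pif))(?=["\s]|$)', re.IGNORECASE)


@dataclass
class Hit:
    kind: str
    name: str
    value: str
    reason: str


def first_token(cmd):
    """Executable path from a Run command line; falls back to the first whitespace token."""
    m = EXE_TOKEN.match(cmd.strip())
    return m["path"] if m else cmd.strip().split(" ", 1)[0]


def triage_hjt(text):
    hits = []
    for line in (l.strip() for l in text.splitlines()):
        if m := RUN_LINE.match(line):
            target = first_token(m["cmd"]).lower()
            reasons = []
            if "\\" not in target:
                reasons.append("bare file name, resolved through the search path")
            elif not target.startswith(TRUSTED_DIRS):
                reasons.append("outside Windows and Program Files")
            if target.startswith("c:\\users\\"):
                reasons.append("inside a user profile")
            if target.endswith(".jar"):
                reasons.append("a .jar launched through its file association")
            if reasons:
                hits.append(Hit("Run", m["name"], target, "; ".join(reasons)))
        elif m := PROXY_LINE.match(line):
            host = m["proxy"].rsplit(":", 1)[0]          # strip the port
            try:
                addr = ipaddress.ip_address(host)
                if not (addr.is_private or addr.is_loopback):
                    hits.append(Hit("Proxy", "ProxyServer", m["proxy"],
                                    "per-user proxy points at a public IP"))
            except ValueError:
                hits.append(Hit("Proxy", "ProxyServer", m["proxy"],
                                "per-user proxy set to a host name; check it"))
        elif m := BHO_LINE.match(line):
            if m["path"].strip().lower() == "no file":
                hits.append(Hit("BHO", m["clsid"], m["path"], "BHO registered but its DLL is missing"))
        elif m := NOTIFY_LINE.match(line):
            if "\\" not in m["dll"]:
                hits.append(Hit("Notify", m["name"], m["dll"], "Winlogon notify DLL listed without a path"))
    return hits


if __name__ == "__main__":
    for h in triage_hjt(SAMPLE_HJT):
        print(f"{h.kind:7} {h.name:40} {h.value}\n        {h.reason}")
```

The ordering of the reasons is deliberate: a target outside the trusted roots is one signal, and a target in a user profile or a .jar is a second, so the javalib.jar entry accumulates three reasons while the OEM-looking entries get one. A reviewer working a log like this one uses the count to decide what to look at first, then checks each file on disk before asking for it to be removed.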

Re: My Hijackthis log

Post by vict0r » June 14th, 2010, 7:37 pm

According to DDS you have about 30 GB and 160 GB of free space on drives e: and d:.

Let's try this:

Disable Panda

Please navigate to the system tray on the bottom right hand corner and look for a sign that looks like a panda bear's head.

  • Right click it -> select Close automatic protection.
  • A message will pop up and warn you about disabling the protection. Choose "Yes."
  • The above sign in the system tray will now disappear.
  • You have successfully disabled the Panda Internet Security Guard.

Disable Windows Defender

  • Go to Start > All Programs > Windows Defender.
  • Click on Tools at the top.
  • Under Settings, click on Options.
  • Under Automatic scanning, uncheck (untick) the Automatically scan my computer (recommended) box.
  • Under Real-time protection options, uncheck (untick) the Use real-time protection (recommended) box.
  • Click on the Save button at the bottom right hand corner.
Note: Please do not re-enable until I tell you to do so.

Download/run Rkill:

Please download Rkill from one of the following links and save it to your Desktop:

One, Two, Three, Four, or Five

  • Save all work and close all programs.
  • Right click on Rkill and select Run as Administrator.
  • A command window will open then disappear upon completion; this is normal.
  • A Notepad window will open; please post the contents in your next reply.
  • This log can also be found at C:\rkill.log
  • Please leave Rkill on the Desktop until otherwise advised.

If Rkill will not run, then try the next download link.

Then try the GMER scan again.

Try in safe mode if GMER still won't run. Remember to disable Panda if it has enabled itself at reboot and to run Rkill before GMER.

If it still doesn't work we will try a different approach.

Re: My Hijackthis log

Unread postby masternitro » June 15th, 2010, 5:10 pm

My computer isn't running really well (less than 2 years old).
I don't know if that's the malware, or just that the register is full?

Will do the scans tomorrow, didn't have much spare time today.
masternitro
Regular Member
 
Posts: 41
Joined: February 20th, 2009, 3:13 pm

Re: My Hijackthis log

Unread postby masternitro » June 16th, 2010, 12:31 pm

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Daniel on 16-06-2010 at 17:33:11.


Processes terminated by Rkill or while it was running:


C:\Users\Daniel\Desktop\eXplorer.exe


Rkill completed on 16-06-2010 at 17:33:15.
masternitro
Regular Member
 
Posts: 41
Joined: February 20th, 2009, 3:13 pm

Re: My Hijackthis log

Unread postby masternitro » June 16th, 2010, 12:33 pm

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-16 18:28:04
Windows 6.0.6001 Service Pack 1
Running: j7ldsq1c.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\agddypow.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE8 0x50 0x39 0xB1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA3 0xE3 0x6A 0x66 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEA 0xBB 0x4F 0x01 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE8 0x50 0x39 0xB1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA3 0xE3 0x6A 0x66 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEA 0xBB 0x4F 0x01 ...

---- EOF - GMER 1.0.15 ----

I don't think the scan completed 100%; in normal mode I ran it for about 30 mins and then it froze.
In safe mode, I also ran it for about 30 mins and clicked save.
I don't know what the normal time is to complete?
If it's a couple of hours, I will run it overnight.
masternitro
Regular Member
 
Posts: 41
Joined: February 20th, 2009, 3:13 pm

Re: My Hijackthis log

Unread postby vict0r » June 16th, 2010, 5:02 pm

Please wait with any scans until I post new instructions.
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: My Hijackthis log

Unread postby vict0r » June 16th, 2010, 5:56 pm

The partial GMER log you posted shows signs of a cd emulation program called Daemon tools. This is known to cause problems with the GMER scan. Daemon tools does not show in any of the other logs you have posted. Did you recently install this program?


Please download DeFogger to your desktop.

Right click DeFogger and select Run as Administrator to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.


Then try the GMER instructions in normal mode and if necessary in safe mode. Remember to disable Panda when Gmer is scanning. The scan can take a couple of hours.
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: My Hijackthis log

Unread postby masternitro » June 17th, 2010, 5:34 pm

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-17 23:26:50
Windows 6.0.6001 Service Pack 1
Running: j7ldsq1c.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\agddypow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE8 0x50 0x39 0xB1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA3 0xE3 0x6A 0x66 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEA 0xBB 0x4F 0x01 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE8 0x50 0x39 0xB1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA3 0xE3 0x6A 0x66 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEA 0xBB 0x4F 0x01 ...

---- EOF - GMER 1.0.15 ----
masternitro
Regular Member
 
Posts: 41
Joined: February 20th, 2009, 3:13 pm

Re: My Hijackthis log

Unread postby masternitro » June 17th, 2010, 5:35 pm

Also the DDS + Attach logs popped up, so I post them ;)



DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL
Run by Daniel at 18:07:41,19 on do 17-06-2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3327.2720 [GMT 2:00]

AV: Panda Antivirus + Firewall 2008 *On-access scanning disabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
SP: Panda Antivirus + Firewall 2008 *disabled* (Updated) {FE6602D3-1E71-4EBB-B4E3-D1C9CBDAF0A1}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: Panda Antivirus 2008 Personal Firewall *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PskSvc.exe
C:\Windows\Explorer.EXE
C:\Users\Daniel\Desktop\j7ldsq1c.exe
C:\Users\Daniel\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.hyves.nl/
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 174.142.104.57:3128
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [recinfo] c:\recinfo\recinfo.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Windows Runtime] c:\users\daniel\javalib.jar
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NPCTray] c:\program files\norman\npc\bin\npc_tray.exe /LOAD
mRun: [APVXDWIN] "c:\program files\panda security\panda antivirus + firewall 2008\APVXDWIN.EXE" /s
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [amBX Daemon] "c:\program files\ambx\control panel\amBXDaemon.exe"
mRun: [amBX System Tray Application] c:\program files\ambx\gaming fxgen\win32\amBXFxGen.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [fsc-reg] c:\fsc-reg\fscreg.exe
StartupFolder: c:\users\daniel\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ambxef~1.lnk - c:\program files\ambx\effects\amBX Event Manager.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ambxil~1.lnk - c:\program files\ambx\illuminate\Illuminate.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\panda security\panda antivirus + firewall 2008\pavlsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avldr - avldr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\daniel\appdata\roaming\mozilla\firefox\profiles\gycgfuwj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hyves.nl/
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda antivirus + firewall 2008\psksvc.exe [2008-8-24 27696]
S1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2008-8-24 71608]
S1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2008-8-24 51256]
S1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2008-8-24 21816]
S1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2008-8-24 191672]
S1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2008-8-24 132664]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2008-8-24 38968]
S1 SMSFLT;SMS Filter Plugin;c:\windows\system32\drivers\smsflt.sys [2008-8-24 37304]
S1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2008-8-24 30648]
S2 amBX Service;amBX Service;c:\program files\ambx\system\amBX_Service.exe [2008-4-17 599552]
S2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8660.sys [2008-8-24 46648]
S2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2008-8-24 13880]
S2 cpoint;Panda CPoint Driver;c:\windows\system32\drivers\cpoint.sys [2008-8-24 24760]
S2 gupdate1c9cd04468bf89c;Google Updateservice (gupdate1c9cd04468bf89c);c:\program files\google\update\GoogleUpdate.exe [2009-5-5 133104]
S2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda antivirus + firewall 2008\PsCtrlS.exe [2008-8-24 169264]
S2 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda antivirus + firewall 2008\PavFnSvr.exe [2008-8-24 173360]
S2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2008-8-24 178872]
S2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda software\pavshld\PavPrSrv.exe [2008-8-24 63024]
S2 PAVSRV;Panda anti-virus service;c:\program files\panda security\panda antivirus + firewall 2008\pavsrvx86.exe [2008-8-24 165680]
S2 Philips HAL Starter;Philips HAL Starter;c:\program files\ambx\device drivers\philips usb\Philips_HAL_Starter.exe [2008-6-9 10752]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe --> c:\program files\magix\common\database\bin\fbserver.exe [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-7-25 36608]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-4-19 13224]
S3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97;c:\windows\system32\drivers\netimflt.sys [2008-8-24 143160]
S3 Philips amBX USB HAL;Philips amBX USB HAL;c:\program files\ambx\device drivers\philips usb\Philips_amBX_USB_HAL.exe [2008-6-9 540672]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-4-19 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-4-19 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-4-19 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-4-19 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-4-19 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-4-19 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-4-19 115752]

=============== Created Last 30 ================

2010-06-17 14:59:36 20 ----a-w- c:\users\daniel\defogger_reenable
2010-06-16 15:55:38 93056 ----a-w- C:\agddypow.sys
2010-06-14 13:55:07 65536 --sha-w- c:\users\daniel\ntuser.dat{9f623f3f-ca16-11de-8f09-cba68067f5bf}.TxR.blf
2010-06-14 13:55:07 1048576 --sha-w- c:\users\daniel\ntuser.dat{9f623f3f-ca16-11de-8f09-cba68067f5bf}.TxR.2.regtrans-ms
2010-06-14 13:55:07 1048576 --sha-w- c:\users\daniel\ntuser.dat{9f623f3f-ca16-11de-8f09-cba68067f5bf}.TxR.1.regtrans-ms
2010-06-14 13:55:07 1048576 --sha-w- c:\users\daniel\ntuser.dat{9f623f3f-ca16-11de-8f09-cba68067f5bf}.TxR.0.regtrans-ms
2010-06-14 11:46:44 0 d-----w- c:\users\daniel\appdata\roaming\Malwarebytes
2010-06-14 11:46:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-14 11:46:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-14 11:46:34 0 d-----w- c:\programdata\Malwarebytes
2010-06-14 11:46:34 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-26 14:42:44 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 14:09:51 0 d-----w- c:\programdata\Sun
2010-05-25 14:08:38 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-24 12:25:34 0 d-----w- c:\programdata\Insight Software Solutions
2010-05-24 12:25:34 0 d-----w- c:\programdata\Insight Software
2010-05-24 12:25:32 0 d-----w- c:\program files\common files\Insight Software Solutions
2010-05-24 12:25:30 0 d-----w- c:\program files\ShortKeys2

==================== Find3M ====================

2010-06-17 15:49:33 1204 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2010-06-17 15:49:33 1204 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2010-06-17 15:03:59 469116 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2010-06-17 15:03:59 469116 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-06-15 21:12:14 667114 ----a-w- c:\windows\system32\perfh013.dat
2010-06-15 21:12:14 126648 ----a-w- c:\windows\system32\perfc013.dat
2010-06-04 13:46:37 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-04 13:46:37 86016 ----a-w- c:\windows\inf\infpub.dat
2010-06-04 13:46:37 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-01 23:41:29 529464 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-05-26 16:16:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25:15 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-12 09:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 13:53:49 2036224 ----a-w- c:\windows\system32\win32k.sys
2010-04-16 16:10:05 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-04-05 16:07:19 67072 ----a-w- c:\windows\system32\asycfilt.dll
2008-07-30 01:14:05 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-04-09 09:49:52 41976 ----a-w- c:\windows\inf\perflib\0413\perfd.dat
2008-04-09 09:49:52 41976 ----a-w- c:\windows\inf\perflib\0413\perfc.dat
2008-04-09 09:49:52 336440 ----a-w- c:\windows\inf\perflib\0413\perfi.dat
2008-04-09 09:49:52 336440 ----a-w- c:\windows\inf\perflib\0413\perfh.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-11-12 19:02:43 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-04-23 13:41:49 88 --sha-r- c:\windows\system32\C1F76A0D61.sys
2009-04-23 13:42:42 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-08-23 12:25:37 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008082320080824\index.dat

============= FINISH: 18:10:26,83 ===============
masternitro
Regular Member
 
Posts: 41
Joined: February 20th, 2009, 3:13 pm
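The "Pseudo HJT Report" section of the DDS log above is the part a helper reads first: autorun entries, browser proxy settings and BHO registrations. The script below is an added example, not DDS, HijackThis or the forum's own code; it parses a handful of lines excerpted from that log and returns the entries that match three review heuristics (autorun targets that are not native executables or that live under a user profile, a browser proxy set to a public IP address, and BHO registrations with no backing file). The heuristics and the `Finding` structure are assumptions of this example; a match means "look at this entry", not a verdict.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example: this is not DDS, HijackThis or the forum's own code. It
applies a few review heuristics (assumptions, marked below) to report
lines and returns the entries a helper would look at first.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample input: lines excerpted from the DDS log posted above.
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.hyves.nl/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 174.142.104.57:3128
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Windows Runtime] c:\users\daniel\javalib.jar
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
dRun: [fsc-reg] c:\fsc-reg\fscreg.exe
"""

RUN_RE = re.compile(r"^[umd]Run: \[(?P<name>[^\]]*)\] (?P<value>.*)$")
# Target = optional opening quote, then the shortest prefix ending in a known
# extension, terminated by a closing quote, whitespace or end of line.
TARGET_RE = re.compile(
    r'^"?(?P<path>.+?\.(?P<ext>exe|com|scr|pif|dll|jar|bat|cmd|vbs|js))(?:"|\s|$)',
    re.IGNORECASE,
)
PROXY_RE = re.compile(r"^[umd]Internet Settings,ProxyServer = (?P<spec>.+)$")
ORPHAN_BHO_RE = re.compile(r"^BHO: .* - No File$")

# Heuristic 1 (assumption): a native PE launched from a Run key is routine;
# a .jar, script or DLL launched from one is unusual enough to review.
NATIVE_EXTS = {"exe", "com", "scr", "pif"}
# Heuristic 2 (assumption): autorun targets under a user profile get reviewed
# because that is where a limited user (or anything running as one) can write.
USER_PROFILE_RE = re.compile(
    r"^(?:c:\\users\\|c:\\documents and settings\\|%(?:userprofile|appdata|localappdata|temp)%\\)",
    re.IGNORECASE,
)


@dataclass
class Finding:
    line: str
    reasons: list


def parse_run_target(value):
    """Split a Run value into (path, lowercase extension); (None, None) if unrecognised."""
    m = TARGET_RE.match(value.strip())
    if not m:
        return None, None
    return m.group("path"), m.group("ext").lower()


def is_public_proxy(spec):
    """True when the proxy host is a literal IP that is neither private nor loopback.

    Hostnames cannot be classified offline and return False; the
    "http=host:port;https=host:port" form is reduced to its first entry.
    """
    host = spec.split(";")[0].split("=")[-1].strip()
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return not (ip.is_private or ip.is_loopback)


def triage(report):
    """Return one Finding per report line that matches a review heuristic."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        run = RUN_RE.match(line)
        if run:
            path, ext = parse_run_target(run.group("value"))
            if path is None:
                reasons.append("could not identify an executable target")
            else:
                if ext not in NATIVE_EXTS:
                    reasons.append(f"autorun launches a .{ext} file rather than a native executable")
                if USER_PROFILE_RE.match(path):
                    reasons.append("autorun target lives in a user profile directory")
        proxy = PROXY_RE.match(line)
        if proxy and is_public_proxy(proxy.group("spec")):
            reasons.append("browser proxy points at a public IP address; confirm the user set it")
        if ORPHAN_BHO_RE.match(line):
            reasons.append("BHO registration with no backing file (orphaned entry)")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Run against the excerpt, the script reports three lines: the `ProxyServer` entry (a public address, which a home user rarely configures by hand), the orphaned BHO, and the `[Windows Runtime]` entry, which trips both autorun heuristics because it launches a `.jar` from the user's profile. The Sidebar, Messenger and Defender entries are left alone, which is the point of keeping the heuristics narrow: the output is a short list for a human to check, not a cleanup script.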

Re: My Hijackthis log

Unread postby masternitro » June 17th, 2010, 5:38 pm

I can't respond until Monday.
I'm going away this weekend ;)
That's why ;)

(DeFogger worked, but I'm posting the log in case you might need it, since I can't respond till Monday.)

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:59 on 17/06/2010 (Daniel)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
masternitro
Regular Member
 
Posts: 41
Joined: February 20th, 2009, 3:13 pm

Re: My Hijackthis log

Unread postby vict0r » June 17th, 2010, 6:08 pm

I need the answer to my question about Daemon tools.

Thanks.
vict0r
Regular Member
 
Posts: 1043
Joined: December 3rd, 2008, 3:00 pm

Re: My Hijackthis log

Unread postby masternitro » June 18th, 2010, 6:27 am

I didn't recently install Daemon Tools (about a year ago or so),
but I have recently used it.
masternitro
Regular Member
 
Posts: 41
Joined: February 20th, 2009, 3:13 pm