Can someone pls check my HijackThis log? Every time I wanna start any application, my PC freezes for about 5 minutes, then it goes back to normal. I realized that there is a CounterSpy in the log although I already uninstalled that application a long time ago. The CounterSpy folder had also been deleted in Program Files. I cleaned up my PC using Malwarebytes, but the problem still exists. I also realized that there is an unknown folder C:\dosh\ghos with apps like 1KG_su.exe, gho_run.exe, etc. (see bottom list). What are these?
Thanks in advance!
------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:56:14 AM, on 28-Sep-10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://malaysia.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [RTHDCPL] "RTHDCPL.EXE"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Taskbar Shuffle] "C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Outlook.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE90E520-D877-437D-B0F0-0563DF410B3C}: NameServer = 208.67.222.222,208.67.220.220
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\kloehk.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Internet Security 2010\avp.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\Solidworks 2010\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Unknown owner - C:\Program Files\CounterSpy\SBAMSvc.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
--
End of file - 7769 bytes
----------------------------------------------------------------------------------------
µTorrent
2007 Microsoft Office system
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
AllBearings v1.0
Ashampoo WinOptimizer 5.00
AutoCAD 2007 - English
Autodesk DWF Viewer
Broadcom Management Programs
Broadcom NetXtreme Ethernet Controller
CutePDF Writer 2.8
DWGeditor
FileASSASSIN
Foxit PDF Editor
Google Earth
High Definition Audio Driver Package - KB888111
HiJackThis
HP Deskjet 1280
J2SE Runtime Environment 5.0 Update 10
Kaspersky Internet Security 2010
Kaspersky Internet Security 2010
K-Lite Codec Pack 5.4.4 (Full)
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2003 Web Components
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Personal Folders Backup
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio 2005 Tools for Applications - ENU
Microsoft Visual Studio 2005 Tools for Applications - ENU
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6.0 Parser (KB925673)
Nero 7 Essentials
neroxml
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA Performance Driver for Autodesk AutoCAD 2007
NVIDIA Performance Drivers
PDF-Viewer
PhotoView 360
PowerISO
Real Alternative 2.0.1
Realtek High Definition Audio Driver
SolidWorks 2010 SP0
SolidWorks 2010 SP0
SolidWorks eDrawings 2010
SolidWorks Explorer 2010 SP0
Taskbar Shuffle version 2.5
Unit Conversion Tool 5.1
VLC media player 1.1.0
Windows Communication Foundation
Windows Installer Clean Up
Windows Media Format Runtime
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
WinRAR archiver
-----------------------------------
Directory of C:\dosh\ghos
08-Jul-10 12:12 PM <DIR> .
08-Jul-10 12:12 PM <DIR> ..
08-Aug-08 08:08 AM 284 1KG_rd
13-Dec-09 12:47 PM 80 1KG_rd0
13-Dec-09 12:47 PM 78 1KG_rd1
13-Dec-09 12:47 PM 525 1KG_SU
19-Jun-09 03:12 PM 39,424 1KG_su.exe
16-Jun-09 10:58 AM 535 1KG_un
08-Aug-08 08:08 AM 716 1KG_unis
10-Apr-09 07:12 PM 125 BCD_SET
13-Dec-09 12:47 PM 368 boot.ini
08-Aug-08 08:08 AM 126 c_pan.txt
19-Jun-09 03:12 PM 44,032 del_gho
29-Nov-08 12:14 PM 24,072 ds
13-Dec-09 12:47 PM 321 ds_all.txt
13-Dec-09 12:47 PM 20 ds_all2.txt
13-Dec-09 12:47 PM 20 ds_all3.txt
13-Dec-09 12:47 PM 20 ds_all4.txt
13-Dec-09 12:47 PM 321 ds_allg.txt
13-Dec-09 12:47 PM 321 ds_nor.txt
13-Dec-09 12:47 PM 321 ds_nor_d.txt
13-Dec-09 12:47 PM 335,872 eAPI.fne
26-May-09 07:32 AM 9,216 fi
08-Aug-08 08:08 AM 167,936 fr
08-Aug-08 08:08 AM 38,584 ft
12-Jun-09 05:52 PM 220,005 GHLDR
08-Aug-08 08:08 AM 9,216 ghldr.mbr
08-Aug-08 08:08 AM 147,240 GHLDR_0
19-Jun-09 05:38 PM 7,372,800 ghost.img
08-Aug-08 08:08 AM 1,830 ghostexp
08-Aug-08 08:08 AM 854,408 Ghostexp.exe
13-Dec-09 06:49 PM 14,622 GHOS_ERR.TXT
13-Dec-09 12:47 PM 36 gho_drv.ini
13-Dec-09 12:47 PM 354 gho_pass.ini
08-Aug-08 08:08 AM 2 gho_pass.txt
08-Aug-08 08:08 AM 46 gho_run
19-Jun-09 03:13 PM 103,936 gho_run.exe
08-Aug-08 08:08 AM 124 gho_swit.ini
08-Aug-08 08:08 AM 512 grub0
08-Aug-08 08:08 AM 7,168 grub2_15
08-Aug-08 08:08 AM 1,197,520 help.chm
13-Dec-09 12:47 PM 21,222 IRIMG1.BMP
13-Dec-09 12:47 PM 49,122 IRIMG1.JPG
08-Aug-08 08:08 AM 22,615 md5
08-Aug-08 08:08 AM 23,540 memdisk
15-Jun-09 09:10 AM 1,191 menu.lst
15-Jun-09 09:10 AM 1,191 menu1.lst
15-Jun-09 09:10 AM 1,233 menu2.lst
15-Jun-09 09:10 AM 1,141 menu3.lst
15-Jun-09 09:10 AM 1,195 menu4.lst
08-Aug-08 08:08 AM 2 nt
13-Apr-08 08:13 PM 47,564 NTDETECT.COM
13-Apr-08 10:01 PM 250,048 ntldr
13-Dec-09 12:47 PM 17,408 shellEx.fne
13-Dec-09 12:47 PM 77,520 uninstall.dat
13-Dec-09 12:47 PM 472,576 uninstall.exe
13-Dec-09 12:47 PM 10,616 uninstall.xml
13-Dec-09 12:47 PM 91,648 xc
13-Dec-09 12:47 PM 1,504 ?? ??GHOST.lnk
57 File(s) 11,684,472 bytes
2 Dir(s) 66,080,833,536 bytes free