Welcome to MalwareRemoval.com,
HijeckThis log for "Hacked by Tbh w0rm" issue
Re: HijeckThis log for "Hacked by Tbh w0rm" issue

Postby cargani » October 13th, 2009, 6:38 am

Ok,
Here we go ....
ComboFix 09-10-12.03 - Carlos 10/13/2009 12:18.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1255.972.1033.18.511.254 [GMT 2:00]
Running from: c:\documents and settings\Carlos\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express 4.0 SE Calendar Checker .lnk
c:\program files\Internet Explorer\msimg32.dll
c:\windows\Installer\336e8cb.msp
c:\windows\Installer\393d454.msp
c:\windows\Installer\WMEncoder.msi

.
((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 )))))))))))))))))))))))))))))))
.

2009-10-12 16:47 . 2009-10-12 16:47 -------- d-----w- c:\documents and settings\Ben\Application Data\Nero
2009-10-12 16:47 . 2009-10-12 16:47 -------- d-----w- c:\documents and settings\Ben\Local Settings\Application Data\Symantec
2009-10-11 19:38 . 2009-10-11 19:39 -------- d-----w- c:\documents and settings\Carlos\Application Data\Nero
2009-10-11 19:35 . 2009-10-11 19:37 -------- d-----w- c:\program files\Nero
2009-10-11 19:35 . 2009-10-11 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-10-11 19:35 . 2009-10-11 19:37 -------- d-----w- c:\program files\Common Files\Nero
2009-10-11 12:22 . 2009-06-29 16:12 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-11 12:22 . 2009-06-29 16:12 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-11 12:22 . 2009-06-29 16:12 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-10-11 12:22 . 2009-06-29 11:07 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-11 12:22 . 2009-07-19 13:32 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-10-11 12:22 . 2009-06-29 16:12 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-10-11 12:22 . 2009-06-29 16:12 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-10-11 12:22 . 2009-06-29 08:33 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-10-10 14:32 . 2009-10-10 14:32 -------- d-----w- c:\documents and settings\Carlos\Local Settings\Application Data\Symantec
2009-10-10 14:30 . 2009-01-15 11:42 91968 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2009-10-10 14:29 . 2009-10-10 14:29 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-10-10 14:29 . 2009-10-10 14:29 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-10 14:25 . 2007-03-21 18:39 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2009-10-10 14:24 . 2009-10-10 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-10 14:24 . 2009-10-10 14:29 -------- d-----w- c:\program files\Symantec
2009-10-05 16:59 . 2009-10-05 16:59 -------- d-----w- c:\documents and settings\Ben\Application Data\Malwarebytes
2009-10-05 16:49 . 2009-10-13 07:36 13440 ----a-w- c:\windows\GPCIDrv.sys
2009-10-04 22:14 . 2009-10-04 22:15 -------- d-----w- C:\rsit
2009-10-04 20:33 . 2009-10-04 20:33 -------- d-----w- c:\documents and settings\Carlos\Application Data\Malwarebytes
2009-10-04 20:33 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-04 20:33 . 2009-10-04 20:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-04 20:33 . 2009-10-04 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-04 20:33 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-29 07:21 . 2009-09-29 07:21 -------- d-----w- c:\program files\Trend Micro
2009-09-20 09:25 . 2008-06-19 14:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-09-20 09:25 . 2009-09-20 09:25 -------- d-----w- c:\program files\Panda Security
2009-09-20 06:53 . 2009-09-20 06:53 -------- d-----w- C:\CETL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-13 10:25 . 2006-06-06 19:33 -------- d-----w- c:\documents and settings\Carlos\Application Data\Skype
2009-10-13 07:36 . 2009-04-28 09:39 23524 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2009-10-13 07:23 . 2006-06-10 15:43 -------- d-----w- c:\program files\DinoWords_mini
2009-10-13 07:22 . 2006-05-06 11:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-13 07:21 . 2007-11-26 21:17 -------- d-----w- c:\program files\eMule
2009-10-11 06:30 . 2008-08-14 05:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-10 14:32 . 2008-08-03 15:08 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-10 14:29 . 2009-10-10 14:29 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-10-10 14:29 . 2009-10-10 14:29 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-09-29 19:31 . 2009-08-12 20:15 -------- d-----w- c:\documents and settings\Carlos\Application Data\U3
2009-09-29 10:05 . 2006-05-05 17:20 -------- d--h--w- c:\documents and settings\Ben\Application Data\Bfifrssst
2009-09-18 19:13 . 2006-07-05 17:20 -------- d-----w- c:\program files\Google
2009-09-18 06:03 . 2009-04-16 08:16 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-24 14:59 . 2006-04-25 09:13 177480 ----a-w- c:\documents and settings\Carlos\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-22 15:08 . 2009-08-22 15:08 -------- d-----w- c:\program files\MSBuild
2009-08-22 15:08 . 2009-08-22 15:08 -------- d-----w- c:\program files\Reference Assemblies
2009-08-22 15:01 . 2009-08-22 15:01 -------- d-----w- c:\program files\MSXML 6.0
2009-08-05 09:11 . 2006-05-05 17:20 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2006-05-05 17:21 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:53 . 2006-05-05 17:20 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 18:55 . 2006-05-05 17:20 58880 ----a-w- c:\windows\system32\atl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2009-08-16 2215960]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-08-16 12:16 2215960 ----a-w- c:\program files\myBabylon_English\tbmyB1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2009-08-16 2215960]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2009-08-16 2215960]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-12-18 25365032]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"Google Update"="c:\documents and settings\Carlos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-13 133104]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-07-08 925696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-20 7110656]
"VGAUtil"="c:\program files\GigaByte\VGA Utility Manager\G-VGA.exe" [2005-08-16 544768]
"BigDogpath326"="c:\windows\VMSnap326.exe" [2006-09-18 86016]
"Domino"="c:\windows\Domino.exe" [2006-06-28 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-20 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-01-15 115560]
"NBKeyScan"="c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe" [2008-09-24 2254120]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-07-20 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-6-1 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
ImageMixer 3 SE Camera Monitor for SD.lnk - c:\program files\PIXELA\ImageMixer 3 SE for SD\CameraMonitor.exe [2009-3-24 253952]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\GigaByte\\VGA Utility Manager\\G-vga.exe"=
"c:\\Program Files\\GigaByte\\VGA Utility Manager\\gvupdate.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Carlos\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Carlos\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"56814:TCP"= 56814:TCP:Pando Media Booster
"56814:UDP"= 56814:UDP:Pando Media Booster

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [9/20/2009 11:25 AM 28544]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/10/2009 7:05 PM 102448]
R3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [10/5/2009 6:49 PM 13440]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [4/28/2009 11:39 AM 23524]
R3 usbvm328;Vimicro USB2.0 PC Camera(VC0326);c:\windows\system32\drivers\usbvm326.sys [10/8/2007 2:59 PM 234752]
R3 vmfilter326;326 MRD filter service;c:\windows\system32\drivers\vmfilter326.sys [10/8/2007 2:59 PM 483072]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/15/2009 1:42 PM 23888]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{764B092A-165E-3A2F-CC50-48A9C14846E8}]
c:\windows\Bfifrssst\win.jpg s
.
Contents of the 'Scheduled Tasks' folder

2009-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]

2009-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1060284298-839522115-1003Core.job
- c:\documents and settings\Carlos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-13 13:09]

2009-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1060284298-839522115-1003UA.job
- c:\documents and settings\Carlos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-13 13:09]

2009-10-13 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 19:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gmail.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: &יצא ל- Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} - hxxp://install.anark.com/client/version ... Client.cab
DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - hxxp://download.tvants.com/pub/tvants/t ... tvants.cab
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
ShellIconOverlayIdentifiers-{51D8EAB2-A055-487F-BBE0-DFB79DD0E76D} - c:\windows\system32\cfgsle.dll
HKCU-Run-GTRipple - c:\program files\GTDesktop\Plugins\GTRipple.exe
HKLM-Run-StartFoxie - c:\program files\Foxie Suite\StartFoxie.exe
HKLM-Run-ICQ Lite - c:\program files\ICQLite\ICQLite.exe
ShellExecuteHooks-{D0ABAB9C-4F67-46C8-8061-11489EDE03DF} - (no file)
SafeBoot-Symantec Antvirus



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-13 12:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\TelnetServer\1.0\ReadConfig]
@DACL=(02 0000)
"Defaults"=dword:00000000
.
Completion time: 2009-10-13 12:27
ComboFix-quarantined-files.txt 2009-10-13 10:27

Pre-Run: 5,283,024,896 bytes free
Post-Run: 6,113,296,384 bytes free

218 --- E O F --- 2009-10-12 16:00


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:56 PM, on 10/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\WINDOWS\Domino.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: AGFormHelperObj Class - {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\Program Files\agat\AGForm\AGFormsHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
O3 - Toolbar: AGForms - {ed2e7de7-07db-4941-a06d-f780b93ba730} - C:\Program Files\agat\AGForm\AGForms.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [BigDogpath326] C:\WINDOWS\VMSnap326.exe VIMICRO USB2.0 PC Camera (VC0326)
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe VIMICRO USB2.0 PC Camera (VC0326)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Carlos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 2.0.50727)" -"http://www8.agame.com/games/shockwave/b/beach_trends/beach_trends_3d_girlsgogames_com.html"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor for SD.lnk = C:\Program Files\PIXELA\ImageMixer 3 SE for SD\CameraMonitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version ... Client.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/49.12/uploader2.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - http://download.tvants.com/pub/tvants/t ... tvants.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fujiprintnet.co.il/online/Im ... oader4.cab
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host-d.oddcast.com/hostClientIE.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photo-print.co.il/uploadComF ... oader3.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.fujiprintnet.co.il/online/Im ... oader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 10817 bytes


A.D.A.M. Interactive Anatomy
Adobe Acrobat 4.0, 5.0
Adobe Flash Player 10 ActiveX
Adobe Photoshop CS
Adobe Reader 7.0
Adobe Shockwave Player 11.5
Ahead Nero Burning ROM
Anark Client 4
Apple Mobile Device Support
Apple Software Update
AsusUpdate
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon EOS 20D WIA Driver
Canon EOS-1D Mark II WIA Driver
Canon EOS-1Ds Mark II WIA Driver
Canon i350
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Capture 1.2
Canon Utilities EOS Utility
Canon Utilities EOS Viewer Utility 1.2
Canon Utilities MyCamera
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Critical Update for Windows Media Player 11 (KB959772)
DenyaPhotoNet Viewer
Digital Photo Navigator 1.0
E-GOV.IL Sign&Verify Software - AGForm toolbar
GIGABYTE VGA Utility Manager
Google SketchUp
Google Talk Plugin
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
ICatch (VI) PC Camera
Icy Tower v1.3
ImageMixer 3 SE for SD
iTunes
LiveUpdate 3.3 (Symantec Corporation)
lupa 1.21
Malwarebytes' Anti-Malware
MapleStory
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional
Microsoft Office XP Standard
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MP3 Player Utilities
MP3 Player Utilities 4.13
MSXML 6 Service Pack 2 (KB954459)
myBabylon_English Toolbar
MyDSC2
Nero BackItUp 4 Essentials
Nero BurnRights (Ahead Software)
NSIS Media Extension
NVIDIA Drivers
Panda ActiveScan 2.0
PC Probe II
Picasa 2
PowerDVD
QuickTime
QuickTime for Windows (32-bit)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Skype 3.0
Skype add-on for IE
Skype Plugin Manager
SoundMAX
StepMania CVS (remove only)
Symantec Endpoint Protection
Ulead Photo Express 4.0 SE
Ulead VideoStudio 7 SE Basic
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VIMICRO USB2.0 PC Camera (VC0326)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
cargani
Regular Member
 
Posts: 31
Joined: September 28th, 2009, 3:16 pm

Re: HijeckThis log for "Hacked by Tbh w0rm" issue

Unread postby muppy03 » October 13th, 2009, 7:18 pm

1. Is there some reason you did not install the Recovery Console? With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Go to Microsoft's website => http://support.microsoft.com/kb/310994
  • Scroll down to Step 1 (where it says: Step 1: Download the Setup disk program), & select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.
    Note: If you have SP3, use the SP2 package.
  • Save the file to the desktop of your computer
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    Image
  • Drag the setup package onto ComboFix.exe and drop it
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console
    Image
  • At the next prompt, click No to exit

2. Do you know what this is?
    C:\CETL

If not, let's have a look at what is in that folder:-

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :dir
    C:\CETL

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Also I notice that you have myBabylon_English Toolbar installed, if not used I would recommend uninstalling. Keep if you need it.

Please reply when the Recovery console has been installed and post the SystemLook.txt
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: HijeckThis log for "Hacked by Tbh w0rm" issue

Unread postby cargani » October 14th, 2009, 6:59 am

Hi,
1. Sorry, no reason about the Recovery Console. It was a misunderstanding.
Now my computer has the Recovery Console.
2. Do you know what this is? C:\CETL
I think that is a learning program for kids, but it isn't in use. Can I remove it?
Also I made a SystemLook.....
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 12:46 on 14/10/2009 by Carlos (Administrator - Elevation successful)

========== dir ==========

C:\CETL - Parameters: "(none)"

---Files---
CETINI.1 --a--- 34 bytes [06:53 20/09/2009] [11:18 23/04/1995]
CETINI.2 --a--- 34 bytes [06:53 20/09/2009] [11:18 23/04/1995]

---Folders---
MABAT3 d----- [06:53 20/09/2009]

-=End Of File=-

Sometimes I use Babylon for translations.

Thanks
cargani
Regular Member
 
Posts: 31
Joined: September 28th, 2009, 3:16 pm

Re: HijeckThis log for "Hacked by Tbh w0rm" issue

Unread postby muppy03 » October 14th, 2009, 7:51 am

After you do the following, please update me on how the computer is running.

I think that is a learning program for kids, but it isn't in use. Can I remove it?

Sure

COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::
    c:\windows\Bfifrssst\win.jpg s

    Folder::
    c:\program files\eMule
    c:\documents and settings\All Users\Application Data\avg8
    c:\documents and settings\Ben\Application Data\Bfifrssst

    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{764B092A-165E-3A2F-CC50-48A9C14846E8}]

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Please reply with:-
  • Combofix log
  • New HJT log
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia
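Before a CFScript like the one in the post above is dragged onto ComboFix, it is worth reading back exactly what it asks the tool to remove, since every File:: and Folder:: entry is a deletion and every [-KEY] line under Registry:: is a key deletion. The following dry-run reader is an added example, not code from this thread, from the helper, or from ComboFix itself. It interprets only the three directive types used here, assumes that ComboFix strips whitespace around each entry and otherwise takes the line verbatim (the ComboFix log posted later confirms the unusual name "win.jpg s" was taken as-is), and uses the thread's own script as its constructed sample input.

```python
import re

# Constructed sample: the CFScript posted in the thread above, copied as-is.
# The trailing " s" in the File:: entry is part of the file name, not a typo:
# the ComboFix log it produced lists "c:\windows\Bfifrssst\win.jpg s".
SAMPLE_SCRIPT = r"""File::
c:\windows\Bfifrssst\win.jpg s

Folder::
c:\program files\eMule
c:\documents and settings\All Users\Application Data\avg8
c:\documents and settings\Ben\Application Data\Bfifrssst

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{764B092A-165E-3A2F-CC50-48A9C14846E8}]
"""

SECTION_RE = re.compile(r"^(\w+)::$")                      # "File::", "Folder::", "Registry::"
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")                  # absolute Windows path, e.g. c:\...
REG_LINE_RE = re.compile(r"^\[(-?)(HKEY_[A-Z_]+\\.+)\]$")    # .reg-style key line, "-" = delete


def parse_cfscript(text):
    """Split a CFScript into {section_name: [entries]}.

    Entries keep interior spaces (they are part of the path) but lose
    leading and trailing whitespace (assumed to match ComboFix's handling).
    Blank lines are separators and are ignored.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        sections[current].append(line)
    return sections


def deletion_plan(sections):
    """Return [(action, target)] describing what the script asks ComboFix to do.

    Only the three directive types used in the thread are interpreted; any
    other section is reported as an unknown directive rather than ignored.
    """
    plan = []
    for name, entries in sections.items():
        for entry in entries:
            if name == "File":
                plan.append(("delete file", entry))
            elif name == "Folder":
                plan.append(("delete folder tree", entry))
            elif name == "Registry":
                m = REG_LINE_RE.match(entry)
                if m and m.group(1) == "-":
                    plan.append(("delete registry key", m.group(2)))
                elif m:
                    plan.append(("create/keep registry key", m.group(2)))
                else:
                    plan.append(("registry value line", entry))
            else:
                plan.append(("unknown directive " + name, entry))
    return plan


def validate(sections):
    """Sanity checks to run before the script is handed to ComboFix."""
    problems = []
    for entry in sections.get("File", []) + sections.get("Folder", []):
        if not DRIVE_PATH_RE.match(entry):
            problems.append(f"not an absolute drive path: {entry!r}")
    for entry in sections.get("Registry", []):
        if entry.startswith("[") and not REG_LINE_RE.match(entry):
            problems.append(f"malformed registry key line: {entry!r}")
    return problems


if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_SCRIPT)
    for action, target in deletion_plan(parsed):
        print(f"{action:26} {target}")
    for problem in validate(parsed):
        print("WARNING:", problem)
```

Run stand-alone it prints one line per planned deletion (one file, three folder trees, one registry key) and no warnings for the thread's script; a relative path or an unbracketed key line would surface as a warning before anything is deleted.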

Re: HijeckThis log for "Hacked by Tbh w0rm" issue

Unread postby cargani » October 14th, 2009, 8:42 am

Hi again,

ComboFix 09-10-13.01 - Carlos 10/14/2009 14:26.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1255.972.1033.18.511.190 [GMT 2:00]
Running from: c:\documents and settings\Carlos\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Carlos\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

FILE ::
"c:\windows\Bfifrssst\win.jpg s"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\avg8
c:\documents and settings\All Users\Application Data\avg8\AvgAm\avgam.lck
c:\documents and settings\All Users\Application Data\avg8\Cfg\erd.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\krnl.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\mail.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\malrep.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\scan.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\sched.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\update.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\updateall.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\user.cfg
c:\documents and settings\All Users\Application Data\avg8\cfgall\changecfgreg.cfg
c:\documents and settings\All Users\Application Data\avg8\cfgall\updateall.cfg
c:\documents and settings\All Users\Application Data\avg8\dumps\avgtray.exe_128846801567968750.dmp
c:\documents and settings\All Users\Application Data\avg8\Log\04d216f2-5768-49fc-b1b6-ed6886b014f0
c:\documents and settings\All Users\Application Data\avg8\Log\04e8f2ea-2f87-4a5f-a36c-0164414b3c6e
c:\documents and settings\All Users\Application Data\avg8\Log\4d75cf7e-ae14-4063-a110-f891446350de
c:\documents and settings\All Users\Application Data\avg8\Log\9bdfa687-7471-443b-912c-f86cb55a974e
c:\documents and settings\All Users\Application Data\avg8\Log\avgam.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgam.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.11
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.12
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.13
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.14
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.15
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.16
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.17
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.18
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.19
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.20
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgldr.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgldr.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgldr.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgsrm.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgsrm.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgsrm.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgsrmac.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgsrmac.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgui.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgui.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgui.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgupd.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgupd.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgupd.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgupd.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgwdsvc.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgwdsvc.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avildr.log
c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log
c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\commonpub.log
c:\documents and settings\All Users\Application Data\avg8\Log\commonpub.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\fixcfg.log
c:\documents and settings\All Users\Application Data\avg8\Log\fixcfg.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\history.xml
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000001.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000002.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000005.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000006.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000007.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000008.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000009.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000010.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000011.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000012.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000013.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000014.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000015.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000016.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000017.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000018.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000019.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000020.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000021.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000022.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000023.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000024.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000025.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000026.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000027.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000028.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000029.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000030.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000031.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000032.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000033.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000034.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000035.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000036.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000037.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000038.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000039.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000040.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000041.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000042.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000043.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000044.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000045.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000046.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000047.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000048.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000049.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000050.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000051.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000052.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000053.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000054.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000055.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000056.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000057.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000058.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000059.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000060.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000061.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000062.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000063.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000064.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000065.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000066.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000067.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000068.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000069.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000070.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000071.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000072.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000073.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000074.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000075.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000076.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000077.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000078.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000079.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000080.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000081.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000082.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000083.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000084.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000085.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000086.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000087.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000088.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000089.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000090.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000091.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000092.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000093.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000094.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000095.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000096.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000097.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000098.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000099.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000100.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000101.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000102.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000103.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000104.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000105.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000106.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000107.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000108.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000109.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000110.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000111.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000112.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000113.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000114.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000115.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000116.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000117.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000118.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000119.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000120.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000121.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000122.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000123.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000124.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000125.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000126.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000127.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000128.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000129.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000130.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000131.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000132.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000133.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000134.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000135.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000136.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000137.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000138.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000139.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000140.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000141.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000142.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000143.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000144.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000145.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000146.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000147.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000148.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000149.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000150.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000151.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000152.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000153.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000154.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000155.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000156.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000157.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000158.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000159.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000160.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000161.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000162.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000163.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000164.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000165.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000166.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000167.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000168.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000169.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000170.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000171.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000172.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000173.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000174.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000175.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000176.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000177.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000178.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000179.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000180.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000181.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000182.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000183.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000184.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000185.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000186.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000187.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000188.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000189.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000190.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000191.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000192.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000193.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000194.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000195.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000196.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000197.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000198.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000199.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000200.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000201.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000202.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000203.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000204.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000205.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000206.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000207.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000208.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000209.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000210.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000211.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000212.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000213.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000214.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000215.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000216.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000217.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000218.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000219.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000220.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000221.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000222.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000223.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000224.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000225.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000226.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000227.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000228.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000229.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000230.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000231.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000232.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000233.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000234.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000235.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000236.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000237.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000238.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000239.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000240.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000241.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000242.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000243.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000244.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000245.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000246.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000247.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000248.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000249.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000250.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000251.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000252.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000253.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000254.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000255.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000256.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000257.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000258.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000259.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000260.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000261.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000262.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000263.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000264.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000265.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000266.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000267.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000268.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000269.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000270.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000271.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000272.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000273.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000274.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000275.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000276.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000277.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000278.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000279.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000280.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000281.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000282.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000283.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000284.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000285.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000286.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000287.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000288.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000289.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000290.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000291.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000292.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000293.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000294.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000295.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000296.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000297.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000298.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000299.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000300.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000301.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000302.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000303.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000304.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000305.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000306.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000307.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000308.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000309.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000310.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000311.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000312.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000313.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000314.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000315.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000316.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000317.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000318.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000319.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000320.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000321.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000322.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000323.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000324.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000325.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000326.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000327.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000328.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000329.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000330.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000331.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000332.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000333.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000334.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000335.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000336.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000337.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000338.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000339.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000340.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000341.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000342.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000343.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000344.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000345.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000346.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000347.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000348.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000349.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000350.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000351.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000352.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000353.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000354.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\srm.idx
c:\documents and settings\All Users\Application Data\avg8\update\backup\incavi.avm
c:\documents and settings\All Users\Application Data\avg8\update\backup\microavi.avg
c:\documents and settings\All Users\Application Data\avg8\update\backup\sb.dat
c:\documents and settings\All Users\Application Data\avg8\update\backup\sb2.dat
c:\documents and settings\All Users\Application Data\avg8\update\backup\sc.dat
c:\documents and settings\All Users\Application Data\avg8\update\prepare\incavi.avm
c:\documents and settings\All Users\Application Data\avg8\update\prepare\sb.dat.prepare
c:\documents and settings\All Users\Application Data\avg8\update\prepare\sc.dat.prepare
c:\documents and settings\Ben\Application Data\Bfifrssst
c:\program files\eMule

.
((((((((((((((((((((((((( Files Created from 2009-09-14 to 2009-10-14 )))))))))))))))))))))))))))))))
.

2009-10-12 16:47 . 2009-10-12 16:47 -------- d-----w- c:\documents and settings\Ben\Application Data\Nero
2009-10-12 16:47 . 2009-10-12 16:47 -------- d-----w- c:\documents and settings\Ben\Local Settings\Application Data\Symantec
2009-10-11 19:38 . 2009-10-11 19:39 -------- d-----w- c:\documents and settings\Carlos\Application Data\Nero
2009-10-11 19:35 . 2009-10-11 19:37 -------- d-----w- c:\program files\Nero
2009-10-11 19:35 . 2009-10-11 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-10-11 19:35 . 2009-10-11 19:37 -------- d-----w- c:\program files\Common Files\Nero
2009-10-11 12:22 . 2009-06-29 16:12 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-11 12:22 . 2009-06-29 16:12 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-11 12:22 . 2009-06-29 16:12 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-10-11 12:22 . 2009-06-29 11:07 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-11 12:22 . 2009-07-19 13:32 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-10-11 12:22 . 2009-06-29 16:12 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-10-11 12:22 . 2009-06-29 16:12 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-10-11 12:22 . 2009-06-29 08:33 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-10-10 14:32 . 2009-10-10 14:32 -------- d-----w- c:\documents and settings\Carlos\Local Settings\Application Data\Symantec
2009-10-10 14:30 . 2009-01-15 11:42 91968 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2009-10-10 14:29 . 2009-10-10 14:29 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-10-10 14:29 . 2009-10-10 14:29 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-10 14:25 . 2007-03-21 18:39 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2009-10-10 14:24 . 2009-10-10 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-10 14:24 . 2009-10-10 14:29 -------- d-----w- c:\program files\Symantec
2009-10-05 16:59 . 2009-10-05 16:59 -------- d-----w- c:\documents and settings\Ben\Application Data\Malwarebytes
2009-10-05 16:49 . 2009-10-13 07:36 13440 ----a-w- c:\windows\GPCIDrv.sys
2009-10-04 22:14 . 2009-10-04 22:15 -------- d-----w- C:\rsit
2009-10-04 20:33 . 2009-10-04 20:33 -------- d-----w- c:\documents and settings\Carlos\Application Data\Malwarebytes
2009-10-04 20:33 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-04 20:33 . 2009-10-04 20:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-04 20:33 . 2009-10-04 20:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-04 20:33 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-29 07:21 . 2009-09-29 07:21 -------- d-----w- c:\program files\Trend Micro
2009-09-20 09:25 . 2008-06-19 14:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-09-20 09:25 . 2009-09-20 09:25 -------- d-----w- c:\program files\Panda Security
2009-09-20 06:53 . 2009-09-20 06:53 -------- d-----w- C:\CETL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 12:31 . 2006-06-06 19:33 -------- d-----w- c:\documents and settings\Carlos\Application Data\Skype
2009-10-13 07:36 . 2009-04-28 09:39 23524 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2009-10-13 07:23 . 2006-06-10 15:43 -------- d-----w- c:\program files\DinoWords_mini
2009-10-13 07:22 . 2006-05-06 11:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-10 14:32 . 2008-08-03 15:08 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-10 14:29 . 2009-10-10 14:29 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-10-10 14:29 . 2009-10-10 14:29 10563 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-09-29 19:31 . 2009-08-12 20:15 -------- d-----w- c:\documents and settings\Carlos\Application Data\U3
2009-09-18 19:13 . 2006-07-05 17:20 -------- d-----w- c:\program files\Google
2009-09-18 06:03 . 2009-04-16 08:16 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-24 14:59 . 2006-04-25 09:13 177480 ----a-w- c:\documents and settings\Carlos\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-22 15:08 . 2009-08-22 15:08 -------- d-----w- c:\program files\MSBuild
2009-08-22 15:08 . 2009-08-22 15:08 -------- d-----w- c:\program files\Reference Assemblies
2009-08-22 15:01 . 2009-08-22 15:01 -------- d-----w- c:\program files\MSXML 6.0
2009-08-05 09:11 . 2006-05-05 17:20 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2006-05-05 17:21 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:53 . 2006-05-05 17:20 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-17 18:55 . 2006-05-05 17:20 58880 ----a-w- c:\windows\system32\atl.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-13_10.25.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-13 10:50 . 2009-10-13 10:50 16384 c:\windows\temp\Perflib_Perfdata_5e0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2009-08-16 2215960]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-08-16 12:16 2215960 ----a-w- c:\program files\myBabylon_English\tbmyB1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2009-08-16 2215960]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2009-08-16 2215960]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-12-18 25365032]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"Google Update"="c:\documents and settings\Carlos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-13 133104]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-07-08 925696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-20 7110656]
"VGAUtil"="c:\program files\GigaByte\VGA Utility Manager\G-VGA.exe" [2005-08-16 544768]
"BigDogpath326"="c:\windows\VMSnap326.exe" [2006-09-18 86016]
"Domino"="c:\windows\Domino.exe" [2006-06-28 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-20 86016]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-01-15 115560]
"NBKeyScan"="c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe" [2008-09-24 2254120]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-07-20 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-6-1 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
ImageMixer 3 SE Camera Monitor for SD.lnk - c:\program files\PIXELA\ImageMixer 3 SE for SD\CameraMonitor.exe [2009-3-24 253952]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\GigaByte\\VGA Utility Manager\\G-vga.exe"=
"c:\\Program Files\\GigaByte\\VGA Utility Manager\\gvupdate.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Carlos\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Carlos\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"56814:TCP"= 56814:TCP:Pando Media Booster
"56814:UDP"= 56814:UDP:Pando Media Booster

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [9/20/2009 11:25 AM 28544]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/10/2009 7:05 PM 102448]
R3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [10/5/2009 6:49 PM 13440]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [4/28/2009 11:39 AM 23524]
R3 usbvm328;Vimicro USB2.0 PC Camera(VC0326);c:\windows\system32\drivers\usbvm326.sys [10/8/2007 2:59 PM 234752]
R3 vmfilter326;326 MRD filter service;c:\windows\system32\drivers\vmfilter326.sys [10/8/2007 2:59 PM 483072]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/15/2009 1:42 PM 23888]
.
Contents of the 'Scheduled Tasks' folder

2009-10-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 09:34]

2009-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1060284298-839522115-1003Core.job
- c:\documents and settings\Carlos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-13 13:09]

2009-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1060284298-839522115-1003UA.job
- c:\documents and settings\Carlos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-13 13:09]

2009-10-13 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 19:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gmail.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: &יצא ל- Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} - hxxp://install.anark.com/client/version ... Client.cab
DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - hxxp://download.tvants.com/pub/tvants/t ... tvants.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 14:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\TelnetServer\1.0\ReadConfig]
@DACL=(02 0000)
"Defaults"=dword:00000000
.
Completion time: 2009-10-14 14:36
ComboFix-quarantined-files.txt 2009-10-14 12:36
ComboFix2.txt 2009-10-14 10:34
ComboFix3.txt 2009-10-13 10:27

Pre-Run: 6,042,513,408 bytes free
Post-Run: 6,026,477,568 bytes free

720 --- E O F --- 2009-10-12 16:00


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:40:12 PM, on 10/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\WINDOWS\Domino.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: AGFormHelperObj Class - {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\Program Files\agat\AGForm\AGFormsHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
O3 - Toolbar: AGForms - {ed2e7de7-07db-4941-a06d-f780b93ba730} - C:\Program Files\agat\AGForm\AGForms.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [BigDogpath326] C:\WINDOWS\VMSnap326.exe VIMICRO USB2.0 PC Camera (VC0326)
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe VIMICRO USB2.0 PC Camera (VC0326)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Carlos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 2.0.50727)" -"http://www8.agame.com/games/shockwave/b/beach_trends/beach_trends_3d_girlsgogames_com.html"
O4 - HKUS\S-1-5-21-842925246-1060284298-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Ben')
O4 - HKUS\S-1-5-21-842925246-1060284298-839522115-1004\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Ben')
O4 - HKUS\S-1-5-21-842925246-1060284298-839522115-1004\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Ben')
O4 - HKUS\S-1-5-21-842925246-1060284298-839522115-1004\..\Run: [ICQ] "C:\Documents and Settings\Ben\Desktop\ICQ6.5\ICQ.exe" silent (User 'Ben')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor for SD.lnk = C:\Program Files\PIXELA\ImageMixer 3 SE for SD\CameraMonitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version ... Client.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/49.12/uploader2.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - http://download.tvants.com/pub/tvants/t ... tvants.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fujiprintnet.co.il/online/Im ... oader4.cab
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host-d.oddcast.com/hostClientIE.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photo-print.co.il/uploadComF ... oader3.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.fujiprintnet.co.il/online/Im ... oader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 11406 bytes
cargani
Regular Member
 
Posts: 31
Joined: September 28th, 2009, 3:16 pm

Re: HijeckThis log for "Hacked by Tbh w0rm" issue

Unread postby muppy03 » October 15th, 2009, 1:56 am

OK, that is looking better. Please let me know what problems you are having and how the computer is running.

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Make sure that all browser windows are closed.

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
    (If you use Firefox or the Opera browser, click No at the prompt to keep saved passwords.)
    Click Exit on the Main menu to close the program.

Update Adobe Reader
Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version, Adobe Reader 9.
You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, uncheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Kaspersky Online Scan
Do an online scan with Kaspersky Online Scanner
  • Read through the requirements and privacy statement and click on the Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
  • Please post this log in your next reply

Please reply with:-
  • Kaspersky report
  • New HJT log
  • Update on how computer is running
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: HijeckThis log for "Hacked by Tbh w0rm" issue

Unread postby cargani » October 16th, 2009, 6:16 am

Hi,
First of all, the computer is working much better and the line "Hacked by Tbh w0rm" disappeared.
The PC is still working slowly (overthinking), and in Microsoft Outlook I can't open attachments.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, October 15, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, October 15, 2009 18:21:08
Records in database: 3000406
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Objects scanned: 104104
Threats found: 3
Infected objects found: 10
Suspicious objects found: 0
Scan duration: 02:43:57


File name / Threat / Threats count
msnmsgr.exe\MSIMG32.dll/msnmsgr.exe\MSIMG32.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
C:\Program Files\MSN Messenger\MSIMG32.dll/C:\Program Files\MSN Messenger\MSIMG32.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\07A80000\4FFA2FA0.VBN Infected: Worm.VBS.Autorun.gt 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\07A80001\4FFA3113.VBN Infected: Worm.VBS.Autorun.gt 1
C:\Documents and Settings\Carlos\Local Settings\Application Data\Microsoft\Outlook\backup.pst Infected: Trojan-Spy.HTML.Bayfraud.hn 1
C:\Documents and Settings\Carlos\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Trojan-Spy.HTML.Bayfraud.hn 1
C:\Program Files\MSN Messenger\msimg32.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
C:\Programs\backup.pst Infected: Trojan-Spy.HTML.Bayfraud.hn 1
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
C:\System Volume Information\_restore{7E11B700-4573-43C8-B37E-703478F1439D}\RP1\A0000254.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1

Selected area has been scanned.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:59 PM, on 10/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\WINDOWS\VMSnap326.exe
C:\WINDOWS\Domino.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PIXELA\ImageMixer 3 SE for SD\CameraMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Carlos\Local Settings\temp\jkos-Carlos\binaries\ScanningProcess.exe
C:\Documents and Settings\Carlos\Local Settings\temp\jkos-Carlos\binaries\ScanningProcess.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: AGFormHelperObj Class - {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\Program Files\agat\AGForm\AGFormsHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AGForms - {ed2e7de7-07db-4941-a06d-f780b93ba730} - C:\Program Files\agat\AGForm\AGForms.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [BigDogpath326] C:\WINDOWS\VMSnap326.exe VIMICRO USB2.0 PC Camera (VC0326)
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe VIMICRO USB2.0 PC Camera (VC0326)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Carlos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 2.0.50727)" -"http://www8.agame.com/games/shockwave/b/beach_trends/beach_trends_3d_girlsgogames_com.html"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor for SD.lnk = C:\Program Files\PIXELA\ImageMixer 3 SE for SD\CameraMonitor.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version ... Client.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/49.12/uploader2.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - http://download.tvants.com/pub/tvants/t ... tvants.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fujiprintnet.co.il/online/Im ... oader4.cab
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host-d.oddcast.com/hostClientIE.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photo-print.co.il/uploadComF ... oader3.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.fujiprintnet.co.il/online/Im ... oader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 12585 bytes
cargani
Regular Member
 
Posts: 31
Joined: September 28th, 2009, 3:16 pm

Re: HijeckThis log for "Hacked by Tbh w0rm" issue

Unread postby muppy03 » October 17th, 2009, 2:18 am

The PC is still working slowly (overthinking), and in Microsoft Outlook I can't open attachments.

I would say the problem that you are having is more to do with the settings of the program rather than a malware issue, although there is infected email flagged by Kaspersky in the following folders:

    C:\Documents and Settings\Carlos\Local Settings\Application Data\Microsoft\Outlook\backup.pst

    C:\Documents and Settings\Carlos\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst


I have no way of knowing what is infected, so I would advise deleting anything except what is absolutely crucial in the above folders.

C:\Programs\backup.pst also contains infection. Do you know what it is? If not, and if it is not wanted, please delete it.

You can also empty all that is in the Symantec quarantine.


This next step is your choice. The items below that I am getting you to fix with HJT are for programs that do not need to start up when you turn your computer on. Doing the step below WILL NOT UNINSTALL these programs, it will ONLY stop them from running at startup. All will be available when you need them. The bonus is that it will make your startup time a bit shorter.

Open HijackThis, select Do a System Scan Only, and place a check next to the lines below if they are still present:

    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Carlos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 2.0.50727)" -"http://www8.agame.com/games/shockwave/b/beach_trends/beach_trends_3d_girlsgogames_com.html"
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE



Once selected, close all windows except HJT and click on Fix Checked.


Add the items below if you think you don't need them to run at startup.

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe"
Related to the Nero BackItUp application.

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
SoundMax integrated sound. Required if you have custom settings for your sound, such as effects and environments.

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Initializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card.

Please post back with a NEW HJT and another update on how things are.
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia
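As an added example (not part of this thread and not part of HijackThis), here is a small Python triage script for the kinds of O2/O3/R3 and O4 lines discussed in the post above. It parses each line into the entry name, where it is registered, and the file that actually gets loaded (looking through the rundll32 wrapper and unquoted paths that contain spaces), then flags the patterns a log reviewer checks first: "(file missing)" registrations, RunOnce values, URLs on a startup command line, bare file names that are resolved through PATH at logon, and programs starting from a user profile directory. The sample lines are copied from the log posted in this thread; the flag vocabulary and the function names are this example's own.

```python
"""Triage helper for HijackThis 2.0.x log lines: parses the O2/O3/R3 (IE add-on)
and O4 (startup) entries and flags the ones a reviewer would look at first.
Added example; not part of HijackThis or of the forum thread."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample lines copied from the log posted in the thread (order preserved).
SAMPLE_LOG = [
    r"O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL",
    r"O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)",
    r"R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll",
    r"O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe",
    r'O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Carlos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c',
    r'O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 2.0.50727)" -"http://www8.agame.com/games/shockwave/b/beach_trends/beach_trends_3d_girlsgogames_com.html"',
    r"O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')",
    r"O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe",
]

# O4 - HKLM\..\Run: [Name] command line
_RUN_KEY = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O4 - Global Startup: Name.lnk = path
_STARTUP_DIR = re.compile(r"^O4 - (?P<folder>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# O2 - BHO: Name - {CLSID} - path   (also O3 Toolbar and R3 URLSearchHook)
_COM_OBJECT = re.compile(
    r"^(?P<section>O2|O3|R3) - (?P<kind>BHO|Toolbar|URLSearchHook): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - (?P<path>.*)$"
)
# First token that ends in an executable extension, even if the path has spaces.
_LOADED_FILE = re.compile(r"^(?P<file>.+?\.(?:exe|dll|com|scr|cpl|bat|cmd|pif|vbs|js))(?=[\s,]|$)", re.I)


@dataclass
class Entry:
    section: str          # O2, O3, R3 or O4
    name: str             # value name, .lnk name, or add-on name
    target: str           # file that is actually loaded
    location: str         # registry key, startup folder, or "BHO {CLSID}"
    raw: str
    flags: List[str] = field(default_factory=list)


def loaded_file(cmd: str) -> str:
    """Return the file a Run-value command line actually loads: a quoted path, an
    unquoted path with spaces, or the DLL handed to a rundll32 wrapper."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        end = len(cmd) if end < 0 else end
        file, rest = cmd[1:end], cmd[end + 1:]
    else:
        m = _LOADED_FILE.match(cmd)
        if m:
            file, rest = m["file"], cmd[m.end():]
        else:
            file, _, rest = cmd.partition(" ")
    if file.lower().rsplit("\\", 1)[-1] in ("rundll32.exe", "rundll32") and rest.strip():
        return loaded_file(rest)   # rundll32 is only a loader; report the DLL it was given
    return file


def _flag(e: Entry) -> None:
    """Heuristics only: each flag is a reason to look, not a verdict."""
    if "(file missing)" in e.raw:
        e.flags.append("file missing")            # registration points at a file that is gone
    if e.location.endswith("RunOnce"):
        e.flags.append("RunOnce")                 # one-shot launch at next logon, easy to miss
    if re.search(r"https?://", e.raw, re.I):
        e.flags.append("URL in command line")     # startup item carries a web address
    if e.section == "O4" and not re.match(r"^[A-Za-z]:\\", e.target):
        e.flags.append("no absolute path")        # resolved through PATH / App Paths at logon
    if re.search(r"\\(?:Documents and Settings|Users)\\", e.target, re.I):
        e.flags.append("runs from user profile")  # user-writable location


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HJT log line; returns None for sections this helper does not handle."""
    line = line.rstrip()
    if (m := _RUN_KEY.match(line)):
        e = Entry("O4", m["name"], loaded_file(m["cmd"]), f"{m['hive']}\\..\\{m['key']}", line)
    elif (m := _STARTUP_DIR.match(line)):
        e = Entry("O4", m["name"], loaded_file(m["cmd"]), m["folder"], line)
    elif (m := _COM_OBJECT.match(line)):
        path = m["path"].replace("(file missing)", "").strip()
        e = Entry(m["section"], m["name"], path, f"{m['kind']} {m['clsid']}", line)
    else:
        return None
    _flag(e)
    return e


def triage(lines) -> List[Entry]:
    """Parse every recognised line and keep only those that raised at least one flag."""
    return [e for e in map(parse_line, lines) if e is not None and e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section} [{e.name}] {e.target}\n    {e.location}: {', '.join(e.flags)}")
```

Run it against a saved log with `triage(open("hijackthis.log").read().splitlines())`. The flags are review prompts, not verdicts: legitimate software trips them too (Google Update really does run from the user profile), which is exactly why the helper lists the entry together with the file it loads rather than deciding for you.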

Re: HijeckThis log for "Hacked by Tbh w0rm" issue

Unread postby cargani » October 19th, 2009, 10:09 am

Hi,
The PC is still working slowly, and in Microsoft Outlook I can't open attachments.
I've tried to clean the outlook.pst and backup.pst. I suppose that now it is clean.

Here I'm sending another log.

Thanks a lot ;)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:41 PM, on 10/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\WINDOWS\VMSnap326.exe
C:\WINDOWS\Domino.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PIXELA\ImageMixer 3 SE for SD\CameraMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: AGFormHelperObj Class - {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\Program Files\agat\AGForm\AGFormsHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AGForms - {ed2e7de7-07db-4941-a06d-f780b93ba730} - C:\Program Files\agat\AGForm\AGForms.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [BigDogpath326] C:\WINDOWS\VMSnap326.exe VIMICRO USB2.0 PC Camera (VC0326)
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe VIMICRO USB2.0 PC Camera (VC0326)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Carlos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 2.0.50727)" -"http://www8.agame.com/games/shockwave/b/beach_trends/beach_trends_3d_girlsgogames_com.html"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor for SD.lnk = C:\Program Files\PIXELA\ImageMixer 3 SE for SD\CameraMonitor.exe
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version ... Client.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/49.12/uploader2.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - http://download.tvants.com/pub/tvants/t ... tvants.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fujiprintnet.co.il/online/Im ... oader4.cab
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host-d.oddcast.com/hostClientIE.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photo-print.co.il/uploadComF ... oader3.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.fujiprintnet.co.il/online/Im ... oader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 12845 bytes
cargani
Regular Member
 
Posts: 31
Joined: September 28th, 2009, 3:16 pm

Re: HijeckThis log for "Hacked by Tbh w0rm" issue

Unread postby muppy03 » October 19th, 2009, 6:49 pm

Please take note that your total RAM is 511 MB, which can be the cause of slowness, especially when running such a resource hog as Norton. Doubling your RAM would make a difference there.

Did you fix the O4 items from my last post? Your last HJT log does not indicate that you have. Doing so will also help system performance. Try it and let me know if you notice any difference.

and in Microsoft Outlook I can't open attachment's
I would say the problem that you are having is more to do with the settings of the program.
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: HijeckThis log for "Hacked by Tbh w0rm" issue

Unread postby cargani » October 20th, 2009, 7:02 am

Hi,
I removed all that you asked for. Should I send another HijackThis log?
I have another PC with the same infection. Can you help me with this also?
Can I use the same programs to clean the PC?
Thanks
cargani
Regular Member
 
Posts: 31
Joined: September 28th, 2009, 3:16 pm

Re: HijeckThis log for "Hacked by Tbh w0rm" issue

Unread postby muppy03 » October 20th, 2009, 7:08 am

Please post a final HJT log before we do a clean-up. Did you notice any difference after stopping the programs from starting?

I have another pc with the same infection. Can you help me with ths also?
Can i use the same programs to clean the pc?

Start a new topic for the other PC. Wait for instructions before using tools, as the infection might be slightly different.
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: HijeckThis log for "Hacked by Tbh w0rm" issue

Unread postby cargani » October 21st, 2009, 2:47 am

Hello,
The PC is working much better (I think).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:54 AM, on 10/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\WINDOWS\VMSnap326.exe
C:\WINDOWS\Domino.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PIXELA\ImageMixer 3 SE for SD\CameraMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: AGFormHelperObj Class - {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\Program Files\agat\AGForm\AGFormsHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AGForms - {ed2e7de7-07db-4941-a06d-f780b93ba730} - C:\Program Files\agat\AGForm\AGForms.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [BigDogpath326] C:\WINDOWS\VMSnap326.exe VIMICRO USB2.0 PC Camera (VC0326)
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe VIMICRO USB2.0 PC Camera (VC0326)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor for SD.lnk = C:\Program Files\PIXELA\ImageMixer 3 SE for SD\CameraMonitor.exe
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version ... Client.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/49.12/uploader2.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - http://download.tvants.com/pub/tvants/t ... tvants.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fujiprintnet.co.il/online/Im ... oader4.cab
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host-d.oddcast.com/hostClientIE.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photo-print.co.il/uploadComF ... oader3.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.fujiprintnet.co.il/online/Im ... oader4.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 11256 bytes
cargani
Regular Member
 
Posts: 31
Joined: September 28th, 2009, 3:16 pm

Re: HijeckThis log for "Hacked by Tbh w0rm" issue

Unread postby muppy03 » October 21st, 2009, 3:40 am

Looks good so if you are not having any further problems, I would suggest you proceed as follows.

MBAM and ATF are great tools for you to keep and use on a regular basis.

You can delete RSIT from your Desktop and its associated folder C:\RSIT.

Remove Combofix
  • Click START, then RUN.
  • Now type Combofix /u in the Run box and click OK (please note the space between Combofix and the /; it is needed).
The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.


Now that the infection is gone, let's try to keep it that way by following the recommendations below.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialise and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.

Here are some free programs I recommend that could help you improve your computer's security.

Update your antivirus programs and other security products regularly to avoid new threats that could infect your system. If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.

You can use one of these sites to check if any updates are needed for your PC.
Secunia Software Inspector
F-secure Health Check

Install WinPatrol
Download it from here.
You can find information about how WinPatrol works here.

Install the MVPS Hosts File from here.
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find the tutorial here: http://www.mvps.org/winhelp2002/hosts.htm

Read some information here on how to prevent malware.


Please reply if you have any problems or questions.

Happy Safe Surfing :flower:
muppy03
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia
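As an added example (not part of the post above and not a Microsoft tool): the six Custom Level settings listed in that post are stored by Internet Explorer as DWORD values under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 (zone 3 is the Internet zone), one value per URL action, with 0 = Enable, 1 = Prompt and 3 = Disable. The script below audits a `reg export` of that key against the recommended levels and writes a .reg file that raises only the settings that are weaker than recommended. The action IDs (1001, 1004, 1201, 1800, 1804, 1607) are quoted from memory of Microsoft's URL action table and are an assumption to confirm against the Security tab on the machine in question; the sample export is constructed for the example.

```python
"""Audit the Internet-zone Custom Level settings recommended in the post against a
`reg export` of HKCU\\...\\Internet Settings\\Zones\\3 and emit a .reg fix for whatever
is weaker than recommended. Added example; not part of the thread or of any Microsoft tool."""
import re
from typing import Dict, List, Tuple

ZONE3 = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# Policy values IE stores for each URL action.
POLICY = {0: "Enable", 1: "Prompt", 3: "Disable"}
STRICTNESS = {0: 0, 1: 1, 3: 2}            # Enable < Prompt < Disable

# Custom Level entries from the post, keyed by URL-action ID. ASSUMPTION: the IDs are
# quoted from memory of Microsoft's URL action table; confirm against your IE build.
RECOMMENDED: Dict[str, Tuple[str, int]] = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialise and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}

# Constructed sample of what `reg export "HKCU\...\Zones\3" zone3.reg` looks like once
# decoded from UTF-16; the numbers are made up to exercise the checker (1804 is absent).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000003
"1607"=dword:00000000
"1800"=dword:00000000
"""

_SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_DWORD = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9A-Fa-f]{1,8})$')


def parse_zone_values(reg_text: str, zone_key: str = ZONE3) -> Dict[str, int]:
    """Collect the DWORD values under one key of a .reg export (later sections win)."""
    values: Dict[str, int] = {}
    inside = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if (m := _SECTION.match(line)):
            inside = m["key"].lower() == zone_key.lower()
        elif inside and (m := _DWORD.match(line)):
            values[m["name"]] = int(m["hex"], 16)
    return values


def audit(reg_text: str) -> List[Tuple[str, str, str, str]]:
    """(action id, description, current level, recommended level) for every setting
    that is missing or more permissive than the post recommends."""
    current = parse_zone_values(reg_text)
    findings = []
    for action, (desc, wanted) in RECOMMENDED.items():
        have = current.get(action)
        if have in STRICTNESS and STRICTNESS[have] >= STRICTNESS[wanted]:
            continue                              # already at or above the recommended level
        shown = "not set" if have is None else POLICY.get(have, f"unknown ({have})")
        findings.append((action, desc, shown, POLICY[wanted]))
    return findings


def render_fix(findings) -> str:
    """Build a .reg file that raises every finding to the recommended level."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{ZONE3}]"]
    lines += [f'"{action}"=dword:{RECOMMENDED[action][1]:08x}' for action, *_ in findings]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = audit(SAMPLE_EXPORT)
    for action, desc, have, want in found:
        print(f"{action} {desc}: {have} -> {want}")
    print(render_fix(found))
```

`reg export` writes its output as UTF-16, so read the file with `open(path, encoding="utf-16")` before passing it to `audit`. The per-user values only apply when IE is consulting HKCU; if the "Security Zones: Use only machine settings" policy is enabled, export the same key under HKEY_LOCAL_MACHINE instead. Settings already stricter than the post asks for (Disable where Prompt was recommended) are deliberately left alone.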

Re: HijeckThis log for "Hacked by Tbh w0rm" issue

Unread postby cargani » October 22nd, 2009, 2:45 am

The pc is working fine.
Thank you so much for your help. :king:
cargani
Regular Member
 
Posts: 31
Joined: September 28th, 2009, 3:16 pm