[Fixed] Hijackthis! Logs - Could someone analyse my HiJackThis log? (posted in the Security & Safety forums)
06-25-2009, #1
Bronze Member
Join Date: Jun 2009
Posts: 7
PC Experience: Some Experience
Could someone analyse my HiJackThis log?

Hello there.
I'm new to the site/forum and need some help.

I've been recently experiencing explorer.exe crashes whenever I close a folder. It doesn't matter which folder it is, it always crashes explorer.exe.
It usually restarts after I've clicked through the error message, but it's becoming more and more irritating when I want to close a folder.

I've run several scans (Malwarebytes Anti-Malware and Avast! virus scan) and all came up with nothing wrong.

So here's my HiJackThis log to see if anyone can spot an anomaly which might be causing this damn annoying problem.

I really don't want to have to reformat my HD, reinstall or repair Windows.
I cannot express how much I DO NOT WANT to reformat my HD, reinstall or repair Windows.

So any help would be awesome and I'd be forever in your debt.

Thanks in advance.

Obi Wan.
[Jedi Master]

P.S. Yes, I tried using the 'Force' but I've been slacking lately, what with the Dark Side sweeping the galaxy and Imperial Stormtroopers not giving me a moment's peace.
Attached file: hijackthis.log (10.4 KB)
Posted by Obi Wan Kenobi
06-25-2009, #2
PCHF Founder & Owner
Join Date: Jan 2004
Location: The PCHF Bunker
Posts: 15,747
PC Experience: Microsoft Certified Professional
Re: Could someone analyse my HiJackThis log?

Hi there and welcome to PCHF

We have an excellent tried and tested formula for gathering all of the information we need to help you with Malware and Spyware. Please visit this link: http://www.pchelpforum.com/new-hijac...a-prework.html and follow the instructions.

Once you have the required logs a member of the PC Security Team will help you through the important "fixing" stage.
Posted by Hengis
06-25-2009, #3
Bronze Member
Join Date: Jun 2009
Posts: 7
PC Experience: Some Experience
Re: Could someone analyse my HiJackThis log?

Hello Hengis and thank you.
I am now attaining the required logs and will reply to this thread once I have them.

Thanks again.
Posted by Obi Wan Kenobi
06-25-2009, #4
Bronze Member
Join Date: Jun 2009
Posts: 7
PC Experience: Some Experience
Re: Could someone analyse my HiJackThis log?

Ok, here are my Malwarebytes and HiJackThis logs.

Hope this can help.

Thanks again.

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 3

25/06/2009 15:10:31
mbam-log-2009-06-25 (15-10-31).txt

Scan type: Full Scan (C:\|)
Objects scanned: 425616
Time elapsed: 2 hour(s), 0 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
-------------------------------------------------------------
-------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 15:13:27, on 25/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Nokia\Nokia PC Suite 7\OneTouchAccess.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en&source=iglk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1229897745109
O16 - DPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} (ccr_downloader Control) - http://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/n...fyLauncher.cab
O16 - DPF: {C9A2CBF3-B7F9-463E-A690-82CC077DCFC6} (ZemiDetectHardware Control) - http://www.4story.com/Active_X/ZemiDetectHardware.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://clubgames-uk.pogo.com/online2...ploader_v6.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CD34341-57F7-406C-91BA-32CB374B0E62}: NameServer = 149.254.192.126 149.254.201.126
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9a3f862c0adc2) (gupdate1c9a3f862c0adc2) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
Attached files: hijackthis.log (10.4 KB), mbam-log-2009-06-25 (15-10-31).txt (850 Bytes)

Last edited by Obi Wan Kenobi; 06-25-2009 at 02:32 PM.
Posted by Obi Wan Kenobi
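A triage pass over the entry types in the HijackThis log above, added here as example code (not from the forum, HijackThis or any other project): it parses the R/F/O entry lines, checks the unknown Winsock LSP, the O17 nameservers, the O16 ActiveX download sources and every "(file missing)" entry, and separates the HijackThis 1.99.1 quoted-path artefact from a genuinely absent service binary. The trusted-host list, the severity labels and the www.update.microsoft.com sample line are assumptions.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Sample input in HijackThis v1.99.1 format. All lines but one are copied from the
# log posted above; the www.update.microsoft.com O16 line is constructed (the real
# URL in the log is truncated) so that the trusted-host check has something to pass.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/constructed/wuweb_site.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CD34341-57F7-406C-91BA-32CB374B0E62}: NameServer = 149.254.192.126 149.254.201.126
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Every HijackThis entry starts with its section code (R0, F1, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")

# Hosts from which an O16 ActiveX download (DPF) is treated as expected; an assumption.
TRUSTED_DPF_HOSTS = ("update.microsoft.com", "windowsupdate.com")


def _trusted_host(url):
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS)


def triage_entry(line):
    """Return (kind, severity, reason) for one entry, or None when nothing stands out.

    The severity labels (info / low / review) are this example's own convention.
    """
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.groups()
    missing = "(file missing)" in body

    if kind == "O10":
        # An LSP sits in every socket's data path; HijackThis could not match this
        # one against its known-good list, so the owning product must be confirmed.
        return (kind, "review", "Winsock LSP not recognised by HijackThis; confirm it belongs to installed software")
    if kind == "O17":
        ips = re.findall(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", body)
        public = [ip for ip in ips if not ip_address(ip).is_private]
        if public:
            return (kind, "review", "DNS servers %s are public addresses; confirm they are the ISP's, not a hijacked resolver" % ", ".join(public))
        return None
    if kind == "O16":
        url = body.rsplit(" - ", 1)[-1]
        if not _trusted_host(url):
            return (kind, "review", "ActiveX control installed from %s; confirm the site and the control are wanted" % urlparse(url).hostname)
        return None
    if kind == "O20" and missing:
        return (kind, "review", "Winlogon Notify DLL absent on disk; Notify packages load inside winlogon.exe, so confirm the entry is expected before removing it")
    if kind == "O23" and missing:
        # A stray double quote before the service switches means the registry
        # ImagePath was quoted; HijackThis 1.99.1 reports such services as missing
        # even when the binary exists, so treat this as a tool artefact to verify.
        if re.search(r'\.exe" ', body, re.IGNORECASE):
            return (kind, "info", "probably a HijackThis 1.99.1 quoting artefact; check the binary exists before acting")
        return (kind, "review", "service binary missing on disk")
    if missing:
        return (kind, "low", "referenced file missing; usually a stale entry from an uninstalled component")
    return None


def triage(text):
    """Run triage_entry over a whole log; returns the findings in log order."""
    findings = []
    for line in text.splitlines():
        result = triage_entry(line)
        if result:
            kind, severity, reason = result
            findings.append({"kind": kind, "severity": severity, "reason": reason, "line": line.strip()})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("[%s] %-4s %s" % (f["severity"], f["kind"], f["reason"]))
```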
06-25-2009, #5
Senior Security Analyst
Join Date: Jun 2006
Location: Singapore
Posts: 5,353
PC Experience: PC Guru
Re: Could someone analyse my HiJackThis log?

Hey, welcome to PCHF.

I have moved your thread to the [In Progress] section.


Your logs look fine to me, but I need you to download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:

Go here: A guide and tutorial on using ComboFix

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use the download meant for SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you (combofix.txt)


Please include this report for further review (copy and paste it, not attach), so that we may continue cleansing the system if necessary.

Last edited by chiaz; 06-25-2009 at 02:44 PM.
Posted by chiaz
06-25-2009, #6
Bronze Member
Join Date: Jun 2009
Posts: 7
PC Experience: Some Experience
Re: Could someone analyse my HiJackThis log?

Here's the ComboFix log:
----------------------------


ComboFix 09-06-24.05 - **** 25/06/2009 16:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1448 [GMT 1:00]
Running from: c:\documents and settings\****\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090624-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\****\Application Data\.#
c:\windows\system32\Data
c:\documents and settings\****\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\windows\system32\drivers\ctoss2k.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ossrv
-------\Service_ossrv


((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.

2009-06-25 09:30 . 2009-06-17 10:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-25 09:30 . 2009-06-17 10:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-25 09:10 . 2001-08-17 13:05 141056 -c--a-w- c:\windows\system32\dllcache\icam3.sys
2009-06-25 09:10 . 2001-08-17 13:06 38528 -c--a-w- c:\windows\system32\dllcache\ibmvcap.sys
2009-06-25 09:10 . 2001-08-17 11:12 109085 -c--a-w- c:\windows\system32\dllcache\ibmtrp.sys
2009-06-25 09:10 . 2001-08-17 11:12 100936 -c--a-w- c:\windows\system32\dllcache\ibmtok.sys
2009-06-25 09:10 . 2001-08-17 21:34 9216 -c--a-w- c:\windows\system32\dllcache\ibmsgnet.dll
2009-06-25 09:10 . 2001-08-17 11:11 28700 -c--a-w- c:\windows\system32\dllcache\ibmexmp.sys
2009-06-25 09:08 . 2001-08-17 21:36 93696 -c--a-w- c:\windows\system32\dllcache\hpgt42.dll
2009-06-25 09:07 . 2001-08-17 11:10 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
2009-06-25 09:06 . 2001-08-17 12:28 241206 -c--a-w- c:\windows\system32\dllcache\el656se5.sys
2009-06-25 09:05 . 2001-08-17 21:36 25600 -c--a-w- c:\windows\system32\dllcache\dc210_32.dll
2009-06-25 09:04 . 2001-08-17 12:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2009-06-25 09:03 . 2001-08-17 13:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-06-24 21:58 . 2009-06-24 21:58 -------- d-----w- c:\program files\PC Wizard 2008
2009-06-20 17:11 . 2009-06-20 17:11 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-20 17:11 . 2009-06-20 17:11 -------- d-----w- c:\program files\Common Files\PCSuite
2009-06-20 17:11 . 2009-06-20 17:11 -------- d-----w- c:\program files\Common Files\Nokia
2009-06-20 16:52 . 2009-06-20 17:11 -------- d-----w- c:\program files\Common Files\PCSuite(2)
2009-06-13 17:02 . 2009-06-13 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\YoGen
2009-06-13 17:02 . 2009-06-13 17:02 -------- d-----w- c:\program files\YoGen Vocal Remover 3.3.6
2009-06-11 15:11 . 2002-12-11 23:14 34304 -c--a-w- c:\windows\system32\dllcache\mciqtz32.dll
2009-06-11 15:11 . 2002-12-11 23:14 46592 ----a-w- c:\windows\system32\dxdllreg.exe
2009-06-11 15:11 . 2002-08-29 02:41 31744 -c--a-w- c:\windows\system32\dllcache\pid.dll
2009-06-11 15:04 . 2009-06-11 15:04 -------- d-----w- c:\program files\Microsoft Games
2009-06-11 14:33 . 2009-06-13 14:25 -------- d-----w- c:\documents and settings\****\Application Data\My Games
2009-06-11 14:25 . 2009-06-11 14:25 -------- d-----w- c:\program files\Firaxis Games
2009-06-02 22:17 . 2009-06-02 22:17 -------- d-----w- c:\documents and settings\****\Application Data\SAMSUNG
2009-06-02 22:16 . 2006-05-03 21:53 174592 ----a-w- c:\windows\system32\framedyn.dll
2009-06-02 22:16 . 2009-06-02 22:16 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2009-06-02 22:16 . 2005-08-30 16:59 94000 ----a-w- c:\windows\system32\drivers\ss_mdm.sys
2009-06-02 22:16 . 2005-08-30 16:58 8304 ----a-w- c:\windows\system32\drivers\ss_mdfl.sys
2009-06-02 22:16 . 2005-08-30 16:58 6144 ----a-w- c:\windows\system32\drivers\ss_cmnt.sys
2009-06-02 22:16 . 2005-08-30 16:58 6144 ----a-w- c:\windows\system32\drivers\ss_cm.sys
2009-06-02 22:16 . 2005-08-30 16:57 58320 ----a-w- c:\windows\system32\drivers\ss_bus.sys
2009-06-02 22:16 . 2005-08-30 16:57 5808 ----a-w- c:\windows\system32\drivers\ss_whnt.sys
2009-06-02 22:16 . 2005-08-30 16:57 5808 ----a-w- c:\windows\system32\drivers\ss_wh.sys
2009-06-02 22:15 . 2006-07-24 15:05 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-06-02 22:15 . 2009-06-02 22:15 -------- d-----w- c:\program files\Samsung
2009-06-01 11:46 . 2009-06-01 11:58 -------- d-----w- c:\documents and settings\****\Local Settings\Application Data\Wheelman
2009-06-01 11:46 . 2009-06-01 11:46 -------- d-----w- c:\documents and settings\****\Local Settings\Application Data\PC
2009-06-01 11:21 . 2009-06-01 11:21 -------- d-----w- c:\program files\Ubisoft Entertainment
2009-05-29 17:47 . 2009-05-28 19:36 480688 ----a-w- c:\documents and settings\****\Application Data\ijjigame\ijjistarter2.exe
2009-05-28 13:45 . 2009-05-28 13:46 -------- d-----w- c:\documents and settings\****\Application Data\Raptr
2009-05-28 13:41 . 2009-05-28 13:41 -------- d-----w- c:\program files\NHN USA
2009-05-28 13:41 . 2009-05-26 16:31 58800 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
2009-05-28 13:41 . 2009-05-12 19:48 710064 ----a-w- c:\windows\system32\ijjiSetup.exe
2009-05-28 13:41 . 2008-06-11 22:01 58800 ----a-w- c:\windows\system32\ijjiPlugin2.dll
2009-05-28 13:41 . 2008-04-23 13:02 157152 ----a-w- c:\windows\system32\PubPlugin.dll
2009-05-28 13:02 . 2009-05-28 13:02 -------- d-----w- c:\program files\Windows Live Safety Center
2009-05-28 09:53 . 2009-05-28 12:25 -------- d-----w- C:\Ys Online

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 15:31 . 2008-12-21 23:25 -------- d-----w- c:\documents and settings\****\Application Data\Free Download Manager
2009-06-25 14:28 . 2008-12-21 23:55 45736 ----a-w- c:\documents and settings\****\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-25 09:30 . 2009-01-09 12:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-25 09:27 . 2009-01-09 15:15 -------- d-----w- c:\program files\EXPERTool
2009-06-24 22:46 . 2009-02-26 15:45 1389576 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-06-24 22:33 . 2008-12-21 23:47 -------- d-----w- c:\program files\Steam
2009-06-24 21:18 . 2009-03-13 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-24 20:45 . 2008-12-24 19:30 0 ----a-w- c:\windows\OZ.dat
2009-06-21 20:32 . 2008-12-26 21:36 -------- d-----w- c:\documents and settings\****\Application Data\Bioshock
2009-06-21 20:15 . 2008-12-28 19:21 -------- d-----w- c:\documents and settings\****\Application Data\FrostWire
2009-06-20 16:52 . 2009-03-07 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-06-20 16:49 . 2009-03-07 19:27 -------- d-----w- c:\program files\Nokia
2009-06-14 07:11 . 2009-01-03 18:20 -------- d-----w- c:\documents and settings\****\Application Data\FileZilla
2009-06-13 21:32 . 2009-04-13 18:22 -------- d-----w- c:\documents and settings\****\Application Data\HLSW
2009-06-13 10:01 . 2008-12-21 22:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-04 22:38 . 2009-03-13 16:25 -------- d-----w- c:\program files\Google
2009-06-04 15:29 . 2008-12-23 01:10 39 -c--a-w- c:\windows\popcinfot.dat
2009-06-03 18:04 . 2009-03-06 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\River Past G5
2009-06-03 18:04 . 2009-03-31 19:24 -------- d-----w- c:\program files\Project64 1.6
2009-06-03 18:03 . 2009-03-08 20:26 -------- d-----w- c:\program files\Neffy
2009-06-03 18:02 . 2009-01-28 17:40 -------- d-----w- c:\program files\BT Broadband Talk Softphone
2009-06-03 17:57 . 2008-12-29 23:52 -------- d-----w- c:\program files\DriftCity
2009-06-02 22:14 . 2008-12-22 19:20 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-31 10:01 . 2008-12-24 02:40 -------- d-----w- c:\program files\PeerGuardian2
2009-05-29 17:47 . 2008-12-29 23:32 -------- d--h--w- c:\documents and settings\****\Application Data\ijjigame
2009-05-28 12:58 . 2009-05-22 19:27 -------- d-----w- c:\program files\CD Recovery Toolbox Free
2009-05-25 22:29 . 2009-01-08 21:08 -------- d-----w- c:\program files\Yahoo!
2009-05-25 22:29 . 2009-04-09 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-05-22 21:00 . 2009-01-07 10:02 -------- d-----w- c:\documents and settings\****\Application Data\Smart Recorder
2009-05-21 20:31 . 2009-05-25 22:29 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-05-20 12:19 . 2009-04-11 09:20 -------- d-----w- c:\program files\TweakNow RegCleaner Professional
2009-05-20 12:19 . 2009-03-06 15:26 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-05-20 12:19 . 2009-04-28 07:54 -------- d-----w- c:\program files\Fruit Machine Emulation
2009-05-19 23:13 . 2008-12-27 16:28 -------- d-----w- c:\program files\Maxis
2009-05-16 12:14 . 2008-12-22 00:02 -------- d-----w- c:\program files\Electronic Arts
2009-05-15 08:05 . 2009-05-15 08:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SimCity Societies
2009-05-14 12:16 . 2009-05-14 12:13 -------- d-----w- c:\program files\Super Mario Blue Twilight DX
2009-05-13 22:08 . 2009-05-13 22:08 -------- d-----w- c:\documents and settings\****\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2009-05-13 22:08 . 2009-05-13 22:08 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-13 22:08 . 2009-03-05 20:53 38208 ----a-w- c:\documents and settings\****\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-05-07 14:01 . 2009-05-07 14:01 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-05-07 14:01 . 2009-05-07 14:01 22328 ----a-w- c:\documents and settings\****\Application Data\PnkBstrK.sys
2009-05-07 14:01 . 2009-05-07 14:01 22328 ----a-w- c:\documents and settings\****\Application Data\PnkBstrK.sys
2009-05-07 14:01 . 2009-05-07 14:01 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-05-07 14:01 . 2009-05-07 14:01 669184 ----a-w- c:\windows\system32\pbsvc.exe
2009-05-07 14:01 . 2009-05-07 14:01 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-05-04 14:12 . 2008-12-23 20:39 115432 ----a-w- c:\windows\system32\OpenAL32.dll
2009-05-02 17:09 . 2009-01-10 19:31 -------- d-----w- c:\documents and settings\****\Application Data\Ahead
2009-05-02 09:00 . 2009-05-01 21:44 34396584 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_eng.exe
2009-05-01 21:45 . 2009-05-01 21:45 -------- d-----w- c:\program files\PC Connectivity Solution
2009-05-01 21:43 . 2009-05-01 21:43 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-05-01 21:43 . 2009-05-01 21:43 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-05-01 21:43 . 2009-05-01 21:43 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-04-28 07:54 . 2009-04-28 07:54 737280 ----a-w- c:\windows\iun6002.exe
2009-04-28 06:21 . 2008-12-22 00:33 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-04-28 06:21 . 2008-12-27 17:34 -------- d-----w- c:\program files\OpenAL
2009-04-22 14:58 . 2008-12-24 20:04 96 ---ha-w- c:\windows\system32\HsInfo.dat
2009-04-21 23:20 . 2009-04-21 23:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 23:20 . 2009-04-21 23:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-12 16:40 . 2009-04-16 20:53 81 ----a-w- c:\windows\Fonts\Non-Commercial Use.txt
2009-04-08 12:04 . 2009-04-08 12:04 12862 ----a-r- c:\documents and settings\****\Application Data\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_1EEFFF72773535163E4216.exe
2009-04-02 12:14 . 2008-12-27 16:28 531 -c--a-w- c:\windows\eReg.dat
2009-04-01 08:26 . 2009-04-01 08:26 152576 ----a-w- c:\documents and settings\****\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-10 218032]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-09 1657376]
"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-03 64512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\grand theft auto iv\\GTAIV\\GTAIV.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\NFSC_LINK.exe"=
"c:\\Program Files\\EA Games\\Mercenaries 2 World in Flames\\Mercenaries2.exe"=
"c:\\Program Files\\Steam\\steamapps\\****\\synergy\\hl2.exe"=
"c:\\Program Files\\OZ Intermedia\\OZWorld_G\\OZ.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\fallout 3\\Fallout3.exe"=
"c:\\ijji\\ENGLISH\\u_skid.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle deluxe\\Peggle.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Steam\\steamapps\\****\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\****\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\****\\source sdk base 2007\\hl2.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\grand theft auto iv\\RGSC\\RGSCLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\srcds.exe"=
"c:\\Program Files\\Steam\\steamapps\\****\\half-life\\hl.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\jade empire\\JadeEmpireLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\jade empire\\JadeEmpireConfig.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sid meier's civilization iii complete\\Conquests\\Civ3Conquests.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\fallout 3\\FalloutLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\Electronic Arts\\Need for Speed Carbon\\NFSC.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27015:TCP"= 27015:TCP:SteamServ1
"32140:TCP"= 32140:TCP:*:Disabled:SolidNetworkManager
"32140:UDP"= 32140:UDP:*:Disabled:SolidNetworkManager
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"27015:UDP"= 27015:UDP:steammm
"27016:TCP"= 27016:TCP:27016

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22/12/2008 00:31 114768]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [26/02/2009 22:02 13696]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22/12/2008 00:31 20560]
R3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys [27/12/2006 15:47 9006]
S2 gupdate1c9a3f862c0adc2;Google Update Service (gupdate1c9a3f862c0adc2);c:\program files\Google\Update\GoogleUpdate.exe [13/03/2009 17:25 133104]
S3 ABIT-IO;ABIT-IO;\??\c:\program files\U-ABIT\abitEQ\ABIT-IO.sys --> c:\program files\U-ABIT\abitEQ\ABIT-IO.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [01/05/2009 22:44 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [01/05/2009 22:44 8320]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva248;XDva248;\??\c:\windows\system32\XDva248.sys --> c:\windows\system32\XDva248.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-06-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-13 03:36]

2009-06-25 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 16:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig?hl=en&source=iglk
uInternet Settings,ProxyOverride = *.local
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
TCP: {3CD34341-57F7-406C-91BA-32CB374B0E62} = 149.254.192.126 149.254.201.126
DPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} - hxxp://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
DPF: {C9A2CBF3-B7F9-463E-A690-82CC077DCFC6} - hxxp://www.4story.com/Active_X/ZemiDetectHardware.cab
FF - ProfilePath -
.

************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-06-25 17:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2000478354-1592454029-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:15,ac,0c,23,17,41,4b,2e,56,2e,e9,53,dd,e3,01,e6,51,b2,2a,ea,d3,6c,c2,
aa,9b,5b,35,32,6c,17,34,a9,f3,65,4a,1d,32,06,39,54,94,ab,46,ae,a4,c3,f4,3d,\
"??"=hex:aa,d3,ad,10,3e,21,e1,5a,ee,a5,d7,2f,8a,be,03,83

[HKEY_USERS\S-1-5-21-2000478354-1592454029-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:fd,35,26,4e,d0,e5,c0,4f,48,16,7d,58,c6,9e,31,52,00,5b,49,17,43,
f1,7c,01,48,12,e8,62,23,4c,86,5d,55,ed,7e,3d,23,4b,61,e0,ff,ad,95,11,b9,49,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3756)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\program files\Nokia\Nokia PC Suite 7\GetConnected.exe
.
************************************************************************
.
Completion time: 2009-06-25 17:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-25 16:27

Pre-Run: 80,755,081,216 bytes free
Post-Run: 80,715,198,464 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

Current=4 Default=4 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7
338 --- E O F --- 2009-05-15 07:45
Old 06-25-2009   #7
chiaz
Senior Security Analyst
Join Date: Jun 2006
Location: Singapore
Posts: 5,353
PC Experience: PC Guru
Re: Could someone analyse my HiJackThis log?

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Code:
KILLALL::

File::
c:\windows\popcinfot.dat
c:\windows\system32\XDva248.sys

Driver::
XDva248

Save this as CFScript.txt in the same location as ComboFix.exe, which is on the Desktop.

Referring to the picture above, drag CFScript.txt into ComboFix.exe.

Your computer will reboot.

When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt later in your reply.

Now, please go to http://virusscan.jotti.org, click on Browse, and upload the following file for analysis. You will only be able to have one file scanned at a time.

c:\windows\OZ.dat

Then click Submit. Allow the file to be scanned, and then please Copy/Paste the results here for me to see.

Please do the same for the following files as well:
c:\windows\system32\HsInfo.dat
c:\windows\system32\drivers\BIOS.sys

If Jotti is busy, please go to http://www.virustotal.com

Finally, I will need you to post these:

1) ComboFix.txt
2) VirusTotal results
3) Let me know if you have a desktop surveillance program installed intentionally on your PC.
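The reply above picks a handful of lines out of a 700-line ComboFix log by eye: a driver ComboFix could not read ("[?]"), a .sys file sitting outside system32\drivers, a service whose image is not an .exe, and firewall exceptions. The Python below, an added example that is not part of this thread and not ComboFix's or the analyst's own tooling, parses the "services" and "GloballyOpenPorts" sections of such a log and lists the entries a reviewer would verify by hand (for instance by uploading the file to Jotti or VirusTotal as the reply asks). The sample lines are copied from the log posted in this thread; the flagging rules themselves are this example's assumptions, and a flag is a reason to check a file, not a verdict on it.

```python
"""Triage helpers for the 'services' and 'GloballyOpenPorts' sections of a
ComboFix log.  Added example for this thread, not ComboFix's or the
analyst's own code.  The flagging rules are this example's assumptions:
they pick out lines a reviewer would verify by hand; they do not decide
that anything is malicious.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27015:TCP"= 27015:TCP:SteamServ1
"32140:TCP"= 32140:TCP:*:Disabled:SolidNetworkManager
"32140:UDP"= 32140:UDP:*:Disabled:SolidNetworkManager
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"27015:UDP"= 27015:UDP:steammm
"27016:TCP"= 27016:TCP:27016

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22/12/2008 00:31 114768]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [26/02/2009 22:02 13696]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22/12/2008 00:31 20560]
S2 gupdate1c9a3f862c0adc2;Google Update Service (gupdate1c9a3f862c0adc2);c:\program files\Google\Update\GoogleUpdate.exe [13/03/2009 17:25 133104]
S3 ABIT-IO;ABIT-IO;\??\c:\program files\U-ABIT\abitEQ\ABIT-IO.sys --> c:\program files\U-ABIT\abitEQ\ABIT-IO.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva248;XDva248;\??\c:\windows\system32\XDva248.sys --> c:\windows\system32\XDva248.sys [?]
"""

# R/S = running/stopped at scan time; the digit is the Windows start type (0 boot .. 4 disabled).
SERVICE_RE = re.compile(r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# Trailing "[dd/mm/yyyy hh:mm size]" that ComboFix prints when it could stat the image.
FILEINFO_RE = re.compile(r" \[\d{2}/\d{2}/\d{4} \d{2}:\d{2} (?P<size>\d+)\]$")
# Registry value as ComboFix prints it: "port:proto"= port:proto:<rest>
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*(?P=port):(?P=proto):(?P<rest>.*)$')
# First path component that ends in an extension, so "GameMon.des -service" -> "GameMon.des".
EXT_RE = re.compile(r"\.[A-Za-z0-9]{1,4}(?=\s|$)")


@dataclass
class ServiceEntry:
    running: bool
    start_type: int
    name: str
    display: str
    image_path: str        # resolved path, arguments included
    size: Optional[int]    # None when ComboFix printed "[?]"


@dataclass
class OpenPort:
    port: int
    proto: str
    scope: str             # "*" = any address; "" when the value carries no scope/mode
    mode: str              # "Enabled", "Disabled", or "" when the value does not say
    name: str


def image_file(image_path: str) -> str:
    m = EXT_RE.search(image_path)
    return image_path[:m.end()] if m else image_path


def parse_service(line: str) -> Optional[ServiceEntry]:
    m = SERVICE_RE.match(line)
    if not m:
        return None
    rest, size = m.group("rest"), None
    fi = FILEINFO_RE.search(rest)
    if fi:
        size, image = int(fi.group("size")), rest[:fi.start()]
    elif rest.endswith(" [?]"):
        image = rest[:-4]      # ComboFix could not read the file: missing, hidden, or locked
    else:
        image = rest
    if " --> " in image:       # "raw ImagePath --> resolved path": keep the resolved one
        image = image.split(" --> ", 1)[1]
    return ServiceEntry(m.group("state") == "R", int(m.group("start")),
                        m.group("name"), m.group("display"), image, size)


def parse_open_port(line: str) -> Optional[OpenPort]:
    m = PORT_RE.match(line)
    if not m:
        return None
    parts = m.group("rest").split(":", 2)
    if len(parts) == 3 and parts[1] in ("Enabled", "Disabled"):
        scope, mode, name = parts
    else:                      # bare "port:proto:name" value (as Steam writes it): mode not stated
        scope, mode, name = "", "", m.group("rest")
    return OpenPort(int(m.group("port")), m.group("proto"), scope, mode, name)


def service_flags(e: ServiceEntry) -> List[str]:
    """Assumed triage rules; each flag is a reason to verify the file by hand."""
    flags = []
    path = image_file(e.image_path).lower()
    ext = path.rsplit(".", 1)[-1] if "." in path else ""
    if e.size is None:
        flags.append("unverified-file")
    if ext == "sys" and "\\system32\\drivers\\" not in path:
        flags.append("driver-outside-drivers-dir")
    if ext not in ("sys", "exe"):
        flags.append("unusual-image-extension")
    return flags


def triage(log_text: str):
    """Return ({service name: flags} for flagged services, [ports not explicitly disabled])."""
    flagged, open_ports = {}, []
    for line in log_text.splitlines():
        svc = parse_service(line)
        if svc:
            f = service_flags(svc)
            if f:
                flagged[svc.name] = f
            continue
        port = parse_open_port(line)
        if port and port.mode != "Disabled":
            open_ports.append((port.port, port.proto, port.name))
    return flagged, open_ports


if __name__ == "__main__":
    flagged_services, ports = triage(SAMPLE_LOG)
    for svc_name, reasons in flagged_services.items():
        print(f"{svc_name:10} {', '.join(reasons)}")
    for p in ports:
        print("inbound exception not disabled:", p)
```

Run as a script it flags XDva248, ABIT-IO and npggsvc, all three because ComboFix printed "[?]" for their images, and lists the four firewall exceptions that are not marked Disabled. The caveat a reviewer should keep in mind is that "[?]" frequently means only that the file was absent at scan time, which is normal for components loaded on demand (the nProtect GameGuard service in this log is an anti-cheat component of that kind), so a flag here is where checking starts, not where it ends.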
Powered by vBulletin
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.3.2