Resolved HJT Threads: Resolved spyware and popup issues.

#1
Registered User
Join Date: Dec 2007
Posts: 8
OS: Windows XP
Virus Changes the Date back to year 2005 :( plz help!!
please help,
virus changes the date back to year 2005. (Kaspersky starts malfunctioning due to that) plz help!! thanks in advance

+++++++++++++++++++++++++++++++++++++++++++++++++++++++

Logfile of HijackThis v1.99.1
Scan saved at 10:05:44 PM, on 12/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
K:\Important Softwares\hijackthis\HijackThis.exe

F2 - REG:system.ini: Shell=explorer.exe "svchost.exe"
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ASocksrv] SocksA.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\273100M.exe
O4 - HKLM\..\Run: [WinSysW] C:\WINDOWS\273100L.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - HKLM\..\Run: [LotusHlp] C:\WINDOWS\LotusHlp.exe
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exE
O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exE
O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exE
O4 - HKLM\..\Run: [SSLDyn] C:\WINDOWS\SSLDyn.exe
O4 - HKLM\..\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe
O4 - HKLM\..\Run: [PTSShell] C:\WINDOWS\PTSShell.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.facebook.com
O15 - Trusted Zone: http://by109w.bay109.mail.live.com
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - http://www.lankadeepa.lk/wfplayer/tdserver.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1193409766843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1193409734093
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7385856D-8B79-43ED-B686-7AFE34CF8E4D}: NameServer = 202.106.0.20 202.106.46.151
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: 40B9CB77 - Unknown owner - C:\WINDOWS\system32\280E6F14.EXE
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: VideoAcceleratorEngine - Unknown owner - D:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)
#2
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,354
OS: XP
Re: Virus Changes the Date back to year 2005 :( plz help!!
Do a HijackThis scan & place a check next to these items and select "Fix checked":

F2 - REG:system.ini: Shell=explorer.exe "svchost.exe"
O4 - HKLM\..\Run: [ASocksrv] SocksA.exe
O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\273100M.exe
O4 - HKLM\..\Run: [WinSysW] C:\WINDOWS\273100L.exe
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - HKLM\..\Run: [LotusHlp] C:\WINDOWS\LotusHlp.exe
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exE
O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exE
O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exE
O4 - HKLM\..\Run: [SSLDyn] C:\WINDOWS\SSLDyn.exe
O4 - HKLM\..\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe
O4 - HKLM\..\Run: [PTSShell] C:\WINDOWS\PTSShell.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe
O23 - Service: 40B9CB77 - Unknown owner - C:\WINDOWS\system32\280E6F14.EXE

Ignore any prompts for a reboot.

---------------

www.bleepingcomputer.com
www.forospyware.com
www.geekstogo.com

1. Please choose from any of the above links. Download the file & save it to Desktop.
2. Double click on ComboFix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that & a fresh HijackThis log in your next reply.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
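Editor's added example, not part of sUBs's reply and not code from HijackThis: the entries picked out above share a few shapes that can be checked mechanically. The Winlogon Shell value has something appended after explorer.exe, most of the Run-key binaries sit directly in C:\WINDOWS under made-up names (several with an odd .exE extension), and the unowned service is a hex blob pointing at a hex-blob binary. The Python script below parses lines in HijackThis's text format and flags those shapes; it also surfaces the O17 NameServer entry so the resolvers can be compared with the ones expected on that machine. The sample lines are copied from the log in post #1, with a few known-good entries mixed in to show what is skipped; the heuristics and the WINDIR constant are my assumptions, and a flagged line is a candidate for a human to review, not a verdict (FixCamera.exe and tsnp325.exe also live in C:\WINDOWS and were rightly left alone, while SocksA.exe, a bare filename, cannot be told from SOUNDMAN.EXE by shape alone).

```python
import re
from typing import List, Tuple

# Constructed sample: lines copied from the HijackThis v1.99.1 log in post #1,
# plus known-good entries (SoundMan, AVP, ctfmon, gusvc) that should not fire.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=explorer.exe "svchost.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ASocksrv] SocksA.exe
O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\273100M.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7385856D-8B79-43ED-B686-7AFE34CF8E4D}: NameServer = 202.106.0.20 202.106.46.151
O23 - Service: 40B9CB77 - Unknown owner - C:\WINDOWS\system32\280E6F14.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

WINDIR = r"c:\windows"  # assumption: the default XP system root on this machine

F2_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(.*)$")
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (.*)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.*)$")


def first_exe(cmd: str) -> str:
    """Return the program part of a Run-key command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def looks_hex(name: str) -> bool:
    """Names like 40B9CB77 or 280E6F14 are hex blobs rather than words."""
    return re.fullmatch(r"[0-9A-Fa-f]{6,}", name) is not None


def triage_line(line: str) -> List[str]:
    """Return the reasons (possibly none) this HijackThis line deserves a look."""
    reasons: List[str] = []
    line = line.rstrip()

    m = F2_RE.match(line)
    if m:
        # Stock XP has Shell=explorer.exe and nothing else; anything appended
        # is started by Winlogon at every logon alongside the desktop.
        if m.group(1).strip().lower() != "explorer.exe":
            reasons.append("Winlogon Shell is not plain explorer.exe")
        return reasons

    m = O4_RE.match(line)
    if m:
        exe = first_exe(m.group(3))
        low = exe.lower()
        # Installed software normally lives in a subdirectory; droppers on
        # this page wrote straight into C:\WINDOWS.
        if low.startswith(WINDIR + "\\") and "\\" not in low[len(WINDIR) + 1:]:
            reasons.append("autostart binary sits directly in the Windows directory")
        ext = exe[-4:]
        if ext.lower() == ".exe" and ext not in (".exe", ".EXE"):
            reasons.append("mixed-case .exe extension")
        return reasons

    m = O17_RE.match(line)
    if m:
        reasons.append("DNS servers set on an adapter: " + m.group(1).strip()
                       + " (compare with the resolvers you expect)")
        return reasons

    m = O23_RE.match(line)
    if m:
        name, owner, binary = m.group(1), m.group(2), m.group(3)
        stem = re.split(r"[\\/]", binary)[-1].rsplit(".", 1)[0]
        if owner.lower() == "unknown owner" and (looks_hex(name) or looks_hex(stem)):
            reasons.append("unowned service with a hex-blob name or binary")
        return reasons

    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Run every line through triage_line and keep only the flagged ones."""
    hits = []
    for raw in text.splitlines():
        reasons = triage_line(raw)
        if reasons:
            hits.append((raw.strip(), reasons))
    return hits


if __name__ == "__main__":
    for entry, why in triage_log(SAMPLE_LOG):
        print(entry)
        for r in why:
            print("    ->", r)
```

Run against the sample it reports five lines: the F2 entry, the two C:\WINDOWS Run-key binaries (AVPSrv.exE with two reasons), the O17 resolvers, and the 40B9CB77 service. Everything else in the sample passes, which is the point of the known-good lines: the script narrows the list a helper has to read, and the helper still makes the call.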
#3
Registered User
Join Date: Dec 2007
Posts: 8
OS: Windows XP
Re: Virus Changes the Date back to year 2005 :( plz help!!
Thank you very much for your help!!
I appreciate it a lot. I did as you advised. Now the date-changing matter is fixed, but my IE homepage has been hacked by a Chinese spam site (www zhaodao123 com & www yiqilai com). plz help me out! thanks again and merry X'mas to you!

=================================================================

ComboFix 07-12-23.1 - Kass'n Kaths 2007-12-23 22:00:13.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.186 [GMT 8:00]
Running from: C:\Documents and Settings\Kass'n Kaths\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kass'n Kaths\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\002490_.tmp
C:\WINDOWS\273100MM.DLL
C:\WINDOWS\273100WL.DLL
C:\WINDOWS\system32\90D9B6D7.DLL
C:\WINDOWS\system32\akcjzj.dll
C:\WINDOWS\system32\k11350833341.exe
C:\WINDOWS\system32\k11350833352.exe
C:\WINDOWS\system32\k11350833395.exe
C:\WINDOWS\system32\k11350833406.exe
C:\WINDOWS\system32\k11350833449.exe
C:\WINDOWS\system32\k113508334611.exe
C:\WINDOWS\system32\k113508335014.exe
C:\WINDOWS\system32\k113508335216.exe
C:\WINDOWS\system32\k11351188249.exe
C:\WINDOWS\system32\k11351706211.exe
C:\WINDOWS\system32\k11351706222.exe
C:\WINDOWS\system32\k11351706233.exe
C:\WINDOWS\system32\PTSShell.dll
C:\WINDOWS\system32\SSLDyn.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Yiqilai
C:\Program Files\Yiqilai\wmp\_keepfile
C:\Program Files\Yiqilai\wmp\icon2.ico
C:\Program Files\Yiqilai\wmp\YiqilaiLyrics.exe
C:\WINDOWS\002490_.tmp
C:\WINDOWS\273100MM.DLL
C:\WINDOWS\273100WL.DLL
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\90D9B6D7.DLL
C:\WINDOWS\system32\akcjzj.dll
C:\WINDOWS\system32\k11350833341.exe
C:\WINDOWS\system32\k11350833352.exe
C:\WINDOWS\system32\k11350833395.exe
C:\WINDOWS\system32\k11350833406.exe
C:\WINDOWS\system32\k11350833449.exe
C:\WINDOWS\system32\k113508334611.exe
C:\WINDOWS\system32\k113508335014.exe
C:\WINDOWS\system32\k113508335216.exe
C:\WINDOWS\system32\k11351188249.exe
C:\WINDOWS\system32\k11351706211.exe
C:\WINDOWS\system32\k11351706222.exe
C:\WINDOWS\system32\k11351706233.exe
C:\WINDOWS\system32\PTSShell.dll
C:\WINDOWS\system32\SSLDyn.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_40B9CB77
-------\LEGACY_6DEB4996
-------\LEGACY_SYSLOADER
-------\LEGACY_YIQILAI
-------\40B9CB77
-------\6DEB4996
-------\sysloader
-------\Yiqilai

((((((((((((((((((((((((( Files Created from 2007-11-23 to 2007-12-23 )))))))))))))))))))))))))))))))
.
2007-12-23 20:38 . 2007-12-23 20:38 <DIR> d-------- C:\Program Files\Sinhala Kit
2007-12-23 20:38 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-12-23 10:00 . 2007-12-23 10:00 <DIR> d--hs---- C:\FOUND.010
2007-12-23 09:45 . 2007-12-23 09:45 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-23 00:19 . 2007-12-23 00:19 <DIR> d-------- C:\Documents and Settings\Kass'n Kaths\temp
2007-12-23 00:09 . 2007-12-23 00:09 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-22 21:34 . 2007-12-22 21:35 70,144 --a------ C:\WINDOWS\system32\Verify.exe
2007-12-21 21:53 . 2007-12-21 21:53 <DIR> d--hs---- C:\FOUND.007
2007-12-21 21:42 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-21 21:40 . 2004-08-04 00:56 239,616 --------- C:\WINDOWS\system32\wstrenderer.ax
2007-12-21 21:40 . 2004-08-04 00:56 164,352 --------- C:\WINDOWS\system32\wstpager.ax
2007-12-21 21:40 . 2004-08-04 00:56 96,768 --------- C:\WINDOWS\system32\dllcache\dpcdll.dll
2007-12-21 21:40 . 2004-08-04 00:56 53,248 --------- C:\WINDOWS\system32\vbicodec.ax
2007-12-21 21:40 . 2004-08-03 23:08 40,832 --------- C:\WINDOWS\system32\drivers\irbus.sys
2007-12-21 21:40 . 2004-08-03 22:59 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2007-12-21 21:37 . 2004-08-04 00:56 93,184 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-21 21:36 . 2007-12-21 21:36 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-12-21 21:32 . 2004-08-04 00:56 2,897,920 --------- C:\WINDOWS\system32\xpsp2res.dll
2007-12-21 21:20 . 2007-12-21 21:20 <DIR> d-------- C:\WINDOWS\EHome
2007-12-20 01:28 . 2007-12-20 01:28 <DIR> d--hs---- C:\FOUND.006
2007-12-20 01:23 . 2007-12-20 01:23 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-12-20 01:21 . 2007-12-20 01:24 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-20 01:21 . 2007-12-20 01:24 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-20 01:09 . 2007-12-20 01:09 <DIR> d--hs---- C:\FOUND.005
2007-12-20 00:58 . 2007-12-20 00:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-12-20 00:29 . 2007-12-20 00:29 <DIR> d--hs---- C:\FOUND.004
2007-12-20 00:02 . 2007-12-20 00:02 <DIR> d--hs---- C:\FOUND.003
2007-12-02 16:41 . 2007-12-02 16:41 <DIR> d-------- C:\Program Files\SopCast
2007-12-02 16:41 . 2007-12-02 16:41 <DIR> d-------- C:\Documents and Settings\Kass'n Kaths\Application Data\SopCast
2007-12-01 21:35 . 2007-12-01 21:35 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-11-30 22:24 . 2007-11-30 22:24 <DIR> d-------- C:\Documents and Settings\Kass'n Kaths\Application Data\Yahoo!
2007-11-30 22:15 . 2007-11-30 22:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\yahoo!
2007-11-30 21:58 . 2007-11-30 21:58 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-30 01:02 . 2007-12-23 20:23 10 --a------ C:\WINDOWS\popcinfo.dat
2007-11-30 00:47 . 2007-11-30 00:47 <DIR> d-------- C:\Program Files\GameHouse
2007-11-26 11:58 . 2007-11-26 11:58 <DIR> d-------- C:\WINDOWS\LogFiles
2007-11-24 19:27 . 2004-08-03 23:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2007-11-24 19:27 . 2004-08-03 23:10 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2007-11-23 14:37 . 2005-08-06 19:27 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-11-23 14:37 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
2007-11-23 14:37 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe
2007-11-23 14:37 . 2007-05-14 15:24 394,240 --a------ C:\WINDOWS\system32\Smab.dll
2007-11-23 14:37 . 2007-05-17 17:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
2007-11-23 14:37 . 2005-02-28 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2007-11-23 14:37 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe
2007-11-23 14:37 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-11-23 14:37 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-11-23 14:37 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe
2007-11-23 14:37 . 2005-07-14 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2007-11-23 14:35 . 2007-11-23 14:35 <DIR> d-------- C:\Program Files\eRightSoft
2007-11-23 13:16 . 2007-11-23 13:16 <DIR> d--hs---- C:\FOUND.002
2007-11-23 12:11 . 2007-11-23 12:11 <DIR> d--hs---- C:\FOUND.001
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-23 04:18 8,992 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-23 04:18 8,036 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-23 04:18 483,328 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-23 04:18 1,892 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-22 13:35 19,171 ----a-w C:\WINDOWS\system32\dllcache\svchost.exe
2007-12-01 13:24 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-12-01 13:24 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-11-16 13:25 --------- d-----w C:\Program Files\uTorrent
2007-11-16 13:25 --------- d-----w C:\Documents and Settings\Kass'n Kaths\Application Data\uTorrent
2007-11-14 15:11 --------- d-----w C:\Program Files\VeryPDF PDF2Word v3.0
2007-11-10 03:17 74,752 ----a-w C:\WINDOWS\cadkasdeinst01e.exe
2007-11-10 03:17 --------- d-----w C:\Program Files\PDF Editor 2
2007-11-10 03:06 --------- d-----w C:\Program Files\GPLGS
2007-11-06 02:58 --------- d-----w C:\Program Files\Common Files\Skype
2007-10-27 14:17 --------- d-----w C:\Program Files\Windows Media Components
2007-10-27 14:04 --------- d-----w C:\Program Files\TVUBroadcaster
2007-09-25 15:47 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((( snapshot@2007-12-23_ 9.54.35.95 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-23 01:26:46 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-23 14:07:52 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-12-23 01:26:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-12-23 14:07:52 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-12-23 01:26:46 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-23 14:07:52 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-01-11 07:58:30 5,632 ------w C:\WINDOWS\system32\dllcache\kbdsn1.dll
+ 2005-01-11 07:58:30 6,656 ------w C:\WINDOWS\system32\dllcache\kbdsw09.dll
- 2007-12-21 13:53:22 265,416 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-12-23 14:07:20 266,208 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2005-01-11 07:58:30 5,632 ------w C:\WINDOWS\system32\kbdsn1.dll
+ 2005-01-11 07:58:30 6,656 ------w C:\WINDOWS\system32\kbdsw09.dll
- 2004-08-03 16:56:48 406,528 ----a-w C:\WINDOWS\system32\usp10.dll
+ 2005-01-07 09:02:40 438,784 ----a-w C:\WINDOWS\system32\usp10.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"PictureShow"="C:\Program Files\PictureShow\poco_tools.exe" [2007-11-01 19:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 19:12 C:\WINDOWS\SOUNDMAN.EXE]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 20:00]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 20:00]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 20:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-01-30 17:50]
"tsnp325"="C:\WINDOWS\tsnp325.exe" [2006-10-10 15:49]
"snp325"="C:\WINDOWS\vsnp325.exe" [2006-10-10 14:11]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-16 22:39:49]
Sinhala Kit.lnk - C:\Program Files\Sinhala Kit\SinhalaKit.exe [2007-12-23 20:38:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-01-27 09:56]
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-23 22:09:16
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-23 22:10:24 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-23 09:55

==========================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:02 PM, on 12/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sinhala Kit\SinhalaKit.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zhaodao123.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PictureShow] "C:\Program Files\PictureShow\poco_tools.exe" -p PictureShow
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Sinhala Kit.lnk = C:\Program Files\Sinhala Kit\SinhalaKit.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download All Files by HiDownload - C:\Program Files\HiDownload\HDGetAll.htm
O8 - Extra context menu item: Download by HiDownload - C:\Program Files\HiDownload\HDGet.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ò»ÆðÀ´ÒôÀÖÉçÇø - {7DBC6ADB-5788-4FB9-AEC3-B40A58AC11DF} - http://www.yiqilai.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files\HiDownload\hidownload.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.facebook.com
O15 - Trusted Zone: http://by109w.bay109.mail.live.com
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - http://www.lankadeepa.lk/wfplayer/tdserver.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1193409766843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1193409734093
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7385856D-8B79-43ED-B686-7AFE34CF8E4D}: NameServer = 202.106.0.20 202.106.46.151
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: VideoAcceleratorEngine - Unknown owner - D:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)

--
End of file - 8449 bytes
#4 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,354
OS: XP
Re: Virus Changes the Date back to year 2005 :( plz help!!
Do not run any more CFScripts unless it's from me.
Last edited by sUBs : 12-24-2007 at 06:31 AM.
#5 (permalink)
Registered User
Join Date: Dec 2007
Posts: 8
OS: Windows XP
Re: Virus Changes the Date back to year 2005 :( plz help!!
Sorry about the extra work I did. It was my friend who instructed me. Sorry again.
Herewith I'm posting the log you asked for. Thanks for your help. Wish you a merry X'mas!

=======================================================================
ComboFix 07-12-23.1 - Kass'n Kaths 2007-12-23 9:47:58.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.192 [GMT 8:00]
Running from: C:\Documents and Settings\Kass'n Kaths\Desktop\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\auto.exe
C:\Autorun.inf
C:\Documents and Settings\All Users\Application Data.\microsoft\office\system\finder.dll
C:\Documents and Settings\All Users\Application Data.\microsoft\office\system\kXUidJeCex_3105
C:\Documents and Settings\All Users\Application Data.\microsoft\office\system\sysloader.exe
C:\Documents and Settings\All Users\Application Data.\microsoft\office\userdata\webbrowser_3105.dll
C:\Documents and Settings\All Users\Application Data.\microsoft\pctools
C:\Documents and Settings\All Users\Application Data.\microsoft\pctools\pctools.dll
C:\Documents and Settings\All Users\Application Data\microsoft\pctools\pctools.dll
C:\Program Files\ad4all
C:\Program Files\ad4all\Install.exe
C:\Program Files\ad4all\install.ini
C:\Program Files\ad4all\link1\eachlink.htm
C:\Program Files\ad4all\link1\eachlink.ico
C:\Program Files\ad4all\link1\ebaylink.ico
C:\Program Files\ad4all\link1\install.ini
C:\Program Files\ad4all\link1\Thumbs.db
C:\Program Files\Common Files\cpush
C:\Program Files\Common Files\cpush\cpush.dll
C:\Program Files\Common Files\cpush\Uninst.exe
C:\RECYCLER\winow.dll
C:\WINDOWS\KB611311.log
C:\WINDOWS\msprint32d.exe
C:\WINDOWS\NVDispDrv.exe
C:\WINDOWS\rising129.exe
C:\WINDOWS\rising275.exe
C:\WINDOWS\rising616.exe
C:\WINDOWS\rising708.exe
C:\WINDOWS\rising771.exe
C:\WINDOWS\rising793.exe
C:\WINDOWS\rising831.exe
C:\WINDOWS\system32\280E6F14.EXE
C:\WINDOWS\system32\avpsrv.dll
C:\WINDOWS\system32\cmdbcs.dll
C:\WINDOWS\system32\d3d1caps.srg
C:\WINDOWS\system32\DbgHlp32.dll
C:\WINDOWS\system32\dodolook591.exe
C:\WINDOWS\system32\drivers\acpidisk.sys
C:\WINDOWS\system32\k119808561411.exe
C:\WINDOWS\system32\k119808562016.exe
C:\WINDOWS\system32\k11981143907.exe
C:\WINDOWS\system32\k119811439611.exe
C:\WINDOWS\system32\k119811440315.exe
C:\WINDOWS\system32\k119811440416.exe
C:\WINDOWS\system32\k119819082611.exe
C:\WINDOWS\system32\k119819083216.exe
C:\WINDOWS\system32\k11982193051.exe
C:\WINDOWS\system32\k11982193062.exe
C:\WINDOWS\system32\k11982193084.exe
C:\WINDOWS\system32\k11982193137.exe
C:\WINDOWS\system32\k119821932511.exe
C:\WINDOWS\system32\k119821933216.exe
C:\WINDOWS\system32\k11982426245.exe
C:\WINDOWS\system32\k11982426277.exe
C:\WINDOWS\system32\k119824263211.exe
C:\WINDOWS\system32\k119824263715.exe
C:\WINDOWS\system32\k119824263816.exe
C:\WINDOWS\system32\k11982456371.exe
C:\WINDOWS\system32\k11982456393.exe
C:\WINDOWS\system32\k11982456487.exe
C:\WINDOWS\system32\k11982456508.exe
C:\WINDOWS\system32\k119824565311.exe
C:\WINDOWS\system32\k119824565512.exe
C:\WINDOWS\system32\k119824566016.exe
C:\WINDOWS\system32\k119829566511.exe
C:\WINDOWS\system32\k119829567216.exe
C:\WINDOWS\system32\k11983138212.exe
C:\WINDOWS\system32\k11983138233.exe
C:\WINDOWS\system32\k11983138255.exe
C:\WINDOWS\system32\k11983138307.exe
C:\WINDOWS\system32\k119831383511.exe
C:\WINDOWS\system32\k119831383612.exe
C:\WINDOWS\system32\k119831383814.exe
C:\WINDOWS\system32\k119831383915.exe
C:\WINDOWS\system32\k119831384116.exe
C:\WINDOWS\system32\k11983228443.exe
C:\WINDOWS\system32\k11983228454.exe
C:\WINDOWS\system32\k11983228465.exe
C:\WINDOWS\system32\k11983228497.exe
C:\WINDOWS\system32\k119832285411.exe
C:\WINDOWS\system32\k119832285915.exe
C:\WINDOWS\system32\k119832286016.exe
C:\WINDOWS\system32\k11983243772.exe
C:\WINDOWS\system32\k11983243783.exe
C:\WINDOWS\system32\k11983243804.exe
C:\WINDOWS\system32\k11983243815.exe
C:\WINDOWS\system32\k11983243826.exe
C:\WINDOWS\system32\k11983243837.exe
C:\WINDOWS\system32\k11983243869.exe
C:\WINDOWS\system32\k119832438710.exe
C:\WINDOWS\system32\k119832438811.exe
C:\WINDOWS\system32\k119832439315.exe
C:\WINDOWS\system32\k119832439416.exe
C:\WINDOWS\system32\kvsc3.dll
C:\WINDOWS\system32\LotusHlp.dll
C:\WINDOWS\system32\lyloader.exe
C:\WINDOWS\system32\lyloadmr.exe
C:\WINDOWS\system32\lymangr.dll
C:\WINDOWS\system32\mhsha1.dat
C:\WINDOWS\system32\mppds.dll
C:\WINDOWS\system32\mprmsgse.axz
C:\WINDOWS\system32\msccrt.dll
C:\WINDOWS\system32\mscpx32r.det
C:\WINDOWS\system32\msdeg32.dll
C:\WINDOWS\system32\msimms32.dll
C:\WINDOWS\system32\MsPrint32D.dll
C:\WINDOWS\system32\nvdispdrv.dll
C:\WINDOWS\system32\SHQ.DLL
C:\WINDOWS\system32\SHQMANGR.DLL
C:\WINDOWS\system32\svchost.dat
C:\WINDOWS\system32\upxdnd.dll
C:\WINDOWS\ufdata2000.log
G:\auto.exe
G:\Autorun.inf
H:\auto.exe
H:\Autorun.inf
I:\auto.exe
I:\Autorun.inf
C:\Documents and Settings\All Users\Application Data.\microsoft\office\userdata
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_ACPIDISK
-------\acpidisk

((((((((((((((((((((((((( Files Created from 2007-11-23 to 2007-12-23 )))))))))))))))))))))))))))))))
.
2007-12-23 09:45 . 2007-12-23 09:45 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-23 00:19 . 2007-12-23 00:19 <DIR> d-------- C:\Documents and Settings\Kass'n Kaths\temp
2007-12-23 00:09 . 2007-12-23 00:09 <DIR> d-------- C:\WINDOWS\ERUNT
2007-12-22 21:34 . 2007-12-22 21:35 70,144 --a------ C:\WINDOWS\system32\Verify.exe
2007-12-21 21:53 . 2007-12-21 21:53 <DIR> d--hs---- C:\FOUND.007
2007-12-21 21:42 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-21 21:40 . 2004-08-04 00:56 239,616 --------- C:\WINDOWS\system32\wstrenderer.ax
2007-12-21 21:40 . 2004-08-04 00:56 164,352 --------- C:\WINDOWS\system32\wstpager.ax
2007-12-21 21:40 . 2004-08-04 00:56 96,768 --------- C:\WINDOWS\system32\dllcache\dpcdll.dll
2007-12-21 21:40 . 2004-08-04 00:56 53,248 --------- C:\WINDOWS\system32\vbicodec.ax
2007-12-21 21:40 . 2004-08-03 23:08 40,832 --------- C:\WINDOWS\system32\drivers\irbus.sys
2007-12-21 21:40 . 2004-08-03 22:59 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2007-12-21 21:36 . 2007-12-21 21:36 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-12-21 21:32 . 2004-08-04 00:56 2,897,920 --------- C:\WINDOWS\system32\xpsp2res.dll
2007-12-21 21:28 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002490_.tmp
2007-12-21 21:20 . 2007-12-21 21:20 <DIR> d-------- C:\WINDOWS\EHome
2007-12-21 21:14 . 2007-12-21 21:14 2,446 --a------ C:\WINDOWS\system32\k11351706233.exe
2007-12-21 21:14 . 2007-12-21 21:14 1,823 --a------ C:\WINDOWS\system32\k11351706222.exe
2007-12-21 21:13 . 2007-12-21 21:14 2,082 --a------ C:\WINDOWS\system32\k11351706211.exe
2007-12-21 06:50 . 2007-12-21 06:50 2,594 --a------ C:\WINDOWS\system32\k11351188249.exe
2007-12-20 21:00 . 2007-12-20 22:00 2,450 --a------ C:\WINDOWS\system32\k113508335216.exe
2007-12-20 20:58 . 2007-12-20 20:58 42,801 --a------ C:\WINDOWS\system32\k113508334611.exe
2007-12-20 20:58 . 2007-12-20 20:58 17,166 --a------ C:\WINDOWS\system32\k11350833395.exe
2007-12-20 20:58 . 2007-12-20 20:58 16,891 --a------ C:\WINDOWS\system32\k11350833449.exe
2007-12-20 20:58 . 2007-12-20 20:58 16,828 --a------ C:\WINDOWS\system32\k11350833406.exe
2007-12-20 20:58 . 2007-12-20 20:58 15,418 --a------ C:\WINDOWS\system32\k11350833352.exe
2007-12-20 20:58 . 2007-12-20 20:58 15,360 --a------ C:\WINDOWS\system32\k11350833341.exe
2007-12-20 20:58 . 2007-12-20 20:58 15,158 --a------ C:\WINDOWS\system32\k113508335014.exe
2007-12-20 01:37 . 2007-12-22 20:00 44,337 --a------ C:\WINDOWS\273100WL.DLL
2007-12-20 01:36 . 2005-12-22 21:57 52,300 --ahs---- C:\WINDOWS\273100MM.DLL
2007-12-20 01:29 . 2007-12-20 01:29 28,672 --a------ C:\WINDOWS\system32\akcjzj.dll
2007-12-20 01:28 . 2007-12-20 01:28 <DIR> d--hs---- C:\FOUND.006
2007-12-20 01:23 . 2007-12-20 01:23 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-12-20 01:21 . 2007-12-20 01:24 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-20 01:21 . 2007-12-20 01:24 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-20 01:20 . 2007-12-23 00:18 26,624 --a------ C:\WINDOWS\system32\PTSShell.dll
2007-12-20 01:09 . 2007-12-20 01:09 <DIR> d--hs---- C:\FOUND.005
2007-12-20 00:58 . 2007-12-20 00:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-12-20 00:29 . 2007-12-20 00:29 <DIR> d--hs---- C:\FOUND.004
2007-12-20 00:02 . 2007-12-20 00:02 <DIR> d--hs---- C:\FOUND.003
2007-12-02 16:41 . 2007-12-02 16:41 <DIR> d-------- C:\Program Files\SopCast
2007-12-02 16:41 . 2007-12-02 16:41 <DIR> d-------- C:\Documents and Settings\Kass'n Kaths\Application Data\SopCast
2007-12-01 21:35 . 2007-12-01 21:35 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-11-30 22:24 . 2007-11-30 22:24 <DIR> d-------- C:\Documents and Settings\Kass'n Kaths\Application Data\Yahoo!
2007-11-30 22:15 . 2007-11-30 22:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\yahoo!
2007-11-30 21:58 . 2007-11-30 21:58 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-30 01:02 . 2007-12-22 18:34 10 --a------ C:\WINDOWS\popcinfo.dat
2007-11-30 00:47 . 2007-11-30 00:47 <DIR> d-------- C:\Program Files\GameHouse
2007-11-26 11:58 . 2007-11-26 11:58 <DIR> d-------- C:\WINDOWS\LogFiles
2007-11-24 19:27 . 2004-08-03 23:10 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2007-11-24 19:27 . 2004-08-03 23:10 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2007-11-23 14:37 . 2005-08-06 19:27 <DIR> d-------- C:\Program Files\AviSynth 2.5
2007-11-23 14:37 . 2004-02-22 10:11 719,872 --a------ C:\WINDOWS\system32\devil.dll
2007-11-23 14:37 . 2006-10-07 17:43 502,784 --a------ C:\WINDOWS\x2.64.exe
2007-11-23 14:37 . 2007-05-14 15:24 394,240 --a------ C:\WINDOWS\system32\Smab.dll
2007-11-23 14:37 . 2007-05-17 17:30 318,976 --a------ C:\WINDOWS\system32\avisynth.dll
2007-11-23 14:37 . 2005-02-28 13:16 240,128 --a------ C:\WINDOWS\system32\x.264.exe
2007-11-23 14:37 . 2006-04-12 09:47 217,073 --a------ C:\WINDOWS\meta4.exe
2007-11-23 14:37 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-11-23 14:37 . 2004-01-25 00:00 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-11-23 14:37 . 2006-04-05 08:09 66,560 --a------ C:\WINDOWS\MOTA113.exe
2007-11-23 14:37 . 2005-07-14 12:31 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll
2007-11-23 14:35 . 2007-11-23 14:35 <DIR> d-------- C:\Program Files\eRightSoft
2007-11-23 13:16 . 2007-11-23 13:16 <DIR> d--hs---- C:\FOUND.002
2007-11-23 12:11 . 2007-11-23 12:11 <DIR> d--hs---- C:\FOUND.001
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-23 01:53 45,056 ----a-w C:\WINDOWS\system32\90D9B6D7.DLL
2007-12-23 01:52 8,736 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-23 01:52 8,012 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-23 01:52 483,328 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-23 01:52 1,868 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-22 16:18 127,488 ----a-w C:\WINDOWS\system32\SSLDyn.dll
2007-12-22 13:35 19,171 ----a-w C:\WINDOWS\system32\dllcache\svchost.exe
2007-12-01 13:24 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-12-01 13:24 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-11-16 13:25 --------- d-----w C:\Program Files\uTorrent
2007-11-16 13:25 --------- d-----w C:\Documents and Settings\Kass'n Kaths\Application Data\uTorrent
2007-11-14 15:11 --------- d-----w C:\Program Files\VeryPDF PDF2Word v3.0
2007-11-10 03:17 74,752 ----a-w C:\WINDOWS\cadkasdeinst01e.exe
2007-11-10 03:17 --------- d-----w C:\Program Files\PDF Editor 2
2007-11-10 03:06 --------- d-----w C:\Program Files\GPLGS
2007-11-06 02:58 --------- d-----w C:\Program Files\Common Files\Skype
2007-10-27 14:17 --------- d-----w C:\Program Files\Windows Media Components
2007-10-27 14:04 --------- d-----w C:\Program Files\TVUBroadcaster
2007-09-25 15:47 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"PictureShow"="C:\Program Files\PictureShow\poco_tools.exe" [2007-11-01 19:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 19:12 C:\WINDOWS\SOUNDMAN.EXE]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 20:00]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 20:00]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 20:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"FixCamera"="C:\WINDOWS\FixCamera.exe" [2007-01-30 17:50]
"tsnp325"="C:\WINDOWS\tsnp325.exe" [2006-10-10 15:49]
"snp325"="C:\WINDOWS\vsnp325.exe" [2006-10-10 14:11]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"WinSysW"="C:\WINDOWS\273100L.exe" []
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-16 22:39:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-01-27 09:56]
S2 40B9CB77;40B9CB77;C:\WINDOWS\system32\280E6F14.EXE -k []
S2 6DEB4996;6DEB4996;C:\WINDOWS\system32\3A9F0278.EXE -g []
S2 sysloader;System Event loader;"C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe" []
S2 Yiqilai;Ò»ÆðÀ´ÒôÀÖÖúÊÖ;"C:\Program Files\Yiqilai\wmp\YiqilaiLyrics.exe" [2007-10-18 10:15]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\Auto\command - C:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\Auto\command - G:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\Auto\command - H:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\Auto\command - I:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-23 09:54:07
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-23 9:55:29 - machine was rebooted
#6 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,354
OS: XP
Re: Virus Changes the Date back to year 2005 :( plz help!!
ComboFix is a very powerful tool. No untrained personnel should ever run their own cfscripts. It has the capability to render machines unbootable. Your friend is lucky in the sense that your machine is still operational. Please advise him/her never to do it again. The word 'Sorry' is poor recompense if the machine's busted.
----------
You have a Chinese infection. Let's use a Chinese tool on it. Please download this tool > System Repair Engineer
Note: You may have to rename SREngLog.log to SREngLog.txt before attaching

#7 (permalink)
Registered User
Join Date: Dec 2007
Posts: 8
OS: Windows XP
Re: Virus Changes the Date back to year 2005 :( plz help!!
Thank you again for your help and advice. I understood how serious that mistake was. I will be more responsible. Herewith I have attached the SREng log. Thanks again, merry X'mas!
Code:
2007-12-25,22:34:13
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed
Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan
Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<PictureShow><"C:\Program Files\PictureShow\poco_tools.exe" -p PictureShow> [(Verified)Guangzhou ShuLian Software Technology Ltd]
<PICer><"C:\Program Files\PICer\poco_tools.exe" -p PICer> [(Verified)Guangzhou ShuLian Software Technology Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Publisher]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<MSPY2002><C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<Adobe Photo Downloader><"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"> [(Verified)Adobe Systems Incorporated]
<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"]
<FixCamera><C:\WINDOWS\FixCamera.exe> []
<tsnp325><C:\WINDOWS\tsnp325.exe> []
<snp325><C:\WINDOWS\vsnp325.exe> []
<NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"> [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\System32\klogon.dll> [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4b218e3e-bc98-4770-93d3-2731b9329278}]
<Internet Explorer><%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
==================================
Startup Folders
[Adobe Gamma Loader]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
[Sinhala Kit]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sinhala Kit.lnk --> C:\PROGRA~1\SINHAL~1\SINHAL~1.EXE [Microimage]><N>
==================================
Services
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><>
[Asipsv / Asipsv][Stopped/Manual Start]
<><N/A>
[Kaspersky Internet Security 7.0 / AVP][Running/Auto Start]
<"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r><Kaspersky Lab>
[Google Updater Service / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[VideoAcceleratorEngine / VideoAcceleratorEngine][Stopped/Manual Start]
<D:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe -start -scm><N/A>
==================================
Drivers
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[catchme / catchme][Stopped/Manual Start]
<\??\C:\DOCUME~1\KASS'N~1\LOCALS~1\Temp\catchme.sys><N/A>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
<\??\C:\WINDOWS\System32\drivers\klif.sys><Kaspersky Lab>
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
<System32\DRIVERS\klim5.sys><Kaspersky Lab>
[Padus ASPI Shell / pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[SiS315 / SiS315][Running/Manual Start]
<System32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiSkp / SiSkp][Running/System Start]
<System32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[USB PC Camera (SNPSTD325) / SNP325][Running/Manual Start]
<System32\DRIVERS\snp325.sys><Sonix Co. Ltd.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
==================================
Browser Add-ons
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Skype add-on (mastermind)]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, Skype Technologies S.A.>
[RealPlayer Download and Record Plugin for Internet Explorer]
{3049C3E9-B461-4BC5-8870-4C09146192CA} <C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll, RealPlayer>
[Yahoo! IE Services Button]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} <C:\Program Files\Yahoo!\Common\yiesrvc.dll, Yahoo! Inc.>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Java Plug-in 1.6.0_03]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Web Anti-Virus statistics]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll, Kaspersky Lab>
[Yahoo! IE Services Button]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} <C:\Program Files\Yahoo!\Common\yiesrvc.dll, Yahoo! Inc.>
[Skype add-on (button)]
{77BF5300-1474-4EC7-9980-D32B190E9B07} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, Skype Technologies S.A.>
[Ò»ÆðÀ´ÒôÀÖÉçÇø]
{7DBC6ADB-5788-4FB9-AEC3-B40A58AC11DF} <http://www.yiqilai.com, N/A>
[&Research]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[HiDownload]
{F4FBA929-A891-492C-A0F6-5C79CC4F1742} <C:\Program Files\HiDownload\hidownload.exe, StreamingStar Technology Inc.>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[YInstStarter Class]
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} <C:\Program Files\Yahoo!\Common\yinsthelper.dll, Yahoo! Inc.>
[CTVUAxCtrl Object]
{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} <C:\Program Files\TVUPlayer\TVUAx.dll, TVU networks>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft® Corporation>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\System32\muweb.dll, Microsoft Corporation>
[Java Plug-in 1.6.0_03]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[SopCore Control]
{8FEFF364-6A5F-4966-A917-A3AC28411659} <C:\PROGRA~1\SopCast\ActiveX\SopCore.ocx, >
[mhLabel Class]
{9732FB42-C321-11D1-836F-00A0C993F125} <C:\WINDOWS\Downloaded Program Files\mhLbl.dll, >
[NsvPlayX Control]
{C5E28B9D-0A68-4B50-94E9-E8F6B4697514} <C:\PROGRA~1\COMMON~1\NSV\NSVPLA~1.DLL, * * *>
[Java Plug-in 1.5.0_04]
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_03]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_03]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[IWinAmpActiveX Class]
{FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} <C:\PROGRA~1\COMMON~1\Nullsoft\ActiveX\2.4\AmpX.dll, >
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\System32\msjava.dll, Microsoft Corporation>
[Skype add-on (mastermind)]
{22BF413B-C6D2-4D91-82A9-A0F997BA588C} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, Skype Technologies S.A.>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[RealPlayer Download and Record Plugin for Internet Explorer]
{3049C3E9-B461-4BC5-8870-4C09146192CA} <C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll, RealPlayer>
[Yahoo! IE Services Button]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} <C:\Program Files\Yahoo!\Common\yiesrvc.dll, Yahoo! Inc.>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Skype add-on (button)]
{77BF5300-1474-4EC7-9980-D32B190E9B07} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, Skype Technologies S.A.>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[MessengerChecker Class]
{DA4F543C-C8A9-4E88-9A79-548CBB46F18F} <C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll, TODO: <Company name>>
[&Clean Traces]
<C:\Program Files\DAP\Privacy Package\dapcleanerie.htm, N/A>
[&Download with &DAP]
<C:\Program Files\DAP\dapextie.htm, N/A>
[&Yahoo! Search]
<file:///C:\Program Files\Yahoo!\Common/ycsrch.htm, N/A>
[Add to Anti-Banner]
<C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm, N/A>
[Download &all with DAP]
<C:\Program Files\DAP\dapextie2.htm, N/A>
[Download All Files by HiDownload]
<C:\Program Files\HiDownload\HDGetAll.htm, N/A>
[Download by HiDownload]
<C:\Program Files\HiDownload\HDGet.htm, N/A>
[E&xport to Microsoft Excel]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[Yahoo! &Dictionary]
<file:///C:\Program Files\Yahoo!\Common/ycdict.htm, N/A>
[Yahoo! &Maps]
<file:///C:\Program Files\Yahoo!\Common/ycmap.htm, N/A>
[Yahoo! &SMS]
<file:///C:\Program Files\Yahoo!\Common/ycsms.htm, N/A>
==================================
Running Processes
[PID: 676 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 788 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 812 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Mi