thinkpad Posted October 24, 2007 (edited)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:34 PM, on 10/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Pidgin\pidgin.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Young Eun Choi\My Documents\HijackThis\HJTInstall.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [hezqnwvo] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\hezqnwvo.dll"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1191683414671
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 10198 bytes

Edited October 24, 2007 by thinkpadgirl
Andro1d Posted October 26, 2007

Hello and Welcome to BT. I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

As a heads up, during the process of removing malware from your computer, there are times you may need to use specialized fix tools. This is especially true if you are receiving help from a member of the HJT Team. Certain embedded files that are part of these specialized fix tools may at times be detected by your anti-virus or anti-malware scanner as a "RiskTool", "Hacking tool", "Potentially unwanted tool", a virus or a "Trojan" when that is not the case. These tools have been carefully created and tested by security experts, so if your anti-virus or anti-malware program flags them as malware, the detection is what's known as a "False Positive". Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases, the removal of these files can have "unpredictable" and unintentional results. To avoid any problems while using a specialized tool it is very important that you temporarily disable your anti-virus and/or anti-malware programs before using them or when instructed by a member of the HJT Team.

Many folks may not be sure how to do this, so the Bleeping Computer Staff has created a list of common anti-virus programs and the relevant steps to disable their Real-time protection capabilities. When your system has been cleaned or when advised by your helper, it is important that you re-enable your security programs to avoid re-infection. A special thanks to Yourhighness for the diligent effort in compiling this list.

Step 1
Please go to UploadMalware to upload a suspicious file for analysis.
- Enter your username from this forum
- Copy and paste the link to this thread
- Browse for this filename: C:\Documents and Settings\All Users\Application Data\hezqnwvo.dll
- In the comments, please mention that I asked you to upload this file for Atribune
- Click on Send File

Step 2
Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [hezqnwvo] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\hezqnwvo.dll"

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

Step 3
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:
- Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
- Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 3...allows end-users to run Java applications".
- Click the "Download" button to the right.
- Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
- Click on the link to download Windows Offline Installation and save the file to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
- Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.

Step 4
Please do an online scan with Kaspersky WebScanner.
- Click on Kaspersky Online Scanner
- You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
- The program will launch and then begin downloading the latest definition files.
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
  Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
  Scan Options: Scan Archives, Scan Mail Bases
- Click OK
- Now under select a target to scan: Select My Computer
- The program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button.
- Save the file to your desktop.
- Copy and paste that information in your next post along with a fresh HJT Log and how the upload went.
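What makes the entry in Step 2 stand out is the shape of the command, not the file name: a signed Microsoft binary (regsvr32.exe, which is also visible in the first log's process list) is handed a DLL sitting in All Users\Application Data, a location any user-level installer can write to, and the /u switch makes it load the DLL and call DllUnregisterServer at every logon without registering anything. The script below, an added example and not part of this thread or of HijackThis, turns that reading into a check you can run over the O4 lines of any HijackThis log. The four sample lines are copied from the first log in this thread; the writable-location markers and the list of DLL-loading binaries are this example's own assumptions and are deliberately limited to Windows XP paths and the two launchers that appear in the log.

```python
import re

# Constructed sample input: four O4 (autostart) lines copied from the first
# HijackThis log in this thread. Three are ordinary vendor entries; one is the
# regsvr32 /u entry the helper asked to have fixed.
SAMPLE_HJT_LINES = [
    r'O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe',
    r'O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor',
    r'O4 - HKLM\..\Run: [hezqnwvo] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\hezqnwvo.dll"',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
]

# O4 registry Run entries look like: O4 - <hive>\..\<key>: [<value name>] <command line>
# (O4 "Global Startup" shortcut lines have a different shape and are skipped here.)
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')

# A quoted path, a drive-letter path that may contain spaces, or a bare token,
# as long as it ends in .exe or .dll.
PATH_RE = re.compile(r'"([^"]+)"|([A-Za-z]:\\.*?\.(?:exe|dll)\b|\S+\.(?:exe|dll)\b)', re.IGNORECASE)

# Windows binaries that load and run whatever DLL they are handed (assumed list,
# limited to the two launchers seen in the log above).
LOLBINS = ('regsvr32', 'rundll32')

# Path fragments that mark locations an unprivileged user (or a drive-by installer
# running as that user) can write to on Windows XP. Assumed for this example.
WRITABLE_MARKERS = ('\\application data\\', '\\local settings\\', '\\temp\\',
                    '\\documents and settings\\')


def parse_o4(line: str):
    """Return the fields of an O4 Run entry, or None for any other line."""
    m = O4_RE.match(line)
    return m.groupdict() if m else None


def referenced_paths(cmd: str):
    """All .exe/.dll paths mentioned in a Run command line, quoted or bare."""
    return [quoted or bare for quoted, bare in PATH_RE.findall(cmd)]


def is_user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in WRITABLE_MARKERS)


def assess_o4(entry: dict):
    """Reasons a Run entry deserves a closer look; an empty list means nothing odd."""
    reasons = []
    cmd = entry['cmd']
    tokens = cmd.split()
    launcher = tokens[0].strip('"').lower().rsplit('\\', 1)[-1] if tokens else ''
    paths = referenced_paths(cmd)
    if launcher.startswith(LOLBINS):
        # The process list shows a Microsoft binary; the code that actually runs
        # is in the DLL it is handed, so judge the DLL's location, not the launcher.
        for dll in (p for p in paths if p.lower().endswith('.dll')):
            if is_user_writable(dll):
                reasons.append(f'{launcher} loads a DLL from a user-writable location: {dll}')
        if launcher.startswith('regsvr32') and '/u' in (t.lower() for t in tokens):
            reasons.append('regsvr32 /u at every logon: loads the DLL (DllMain runs) and calls '
                           'its DllUnregisterServer export, so nothing is ever registered')
    else:
        for p in paths:
            if is_user_writable(p):
                reasons.append(f'autostart binary lives in a user-writable location: {p}')
    return reasons


def triage(lines):
    """Map the value name of each flagged O4 entry to its list of reasons."""
    flagged = {}
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = assess_o4(entry)
        if reasons:
            flagged[entry['name']] = reasons
    return flagged


if __name__ == '__main__':
    for name, reasons in triage(SAMPLE_HJT_LINES).items():
        print(f'[{name}]')
        for r in reasons:
            print('  -', r)
```

Run against the four sample lines, only the hezqnwvo entry is flagged, with both reasons; the ThinkPad rundll32 entry passes because its DLL lives under Program Files. The check is deliberately narrow: it says nothing about whether a DLL is malicious, only that the way it is started is one a legitimate vendor installer has no reason to use, which is exactly the basis for asking that the file be uploaded before it is removed.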
thinkpad (Author) Posted October 27, 2007

Thank you MoNsTeReNeRgY22!!

Saturday, October 27, 2007 3:09:42 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/10/2007
Kaspersky Anti-Virus database records: 446926

Scan Settings
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target: My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects: 72154
Number of viruses found: 12
Number of infected objects: 49
Number of suspicious objects: 0
Duration of the scan process: 01:00:53

Infected Object Name | Virus Name | Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat | Object is locked | skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat | Object is locked | skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log | Object is locked | skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log | Object is locked | skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log | Object is locked | skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log | Object is locked | skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat | Object is locked | skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log | Object is locked | skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Client Firewall\System.log | Object is locked | skipped
C:\Documents and Settings\LocalService\Cookies\index.dat | Object is locked | skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat | Object is locked | skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG | Object is locked | skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat | Object is locked | skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat | Object is locked | skipped
C:\Documents and Settings\LocalService\NTUSER.DAT | Object is locked | skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG | Object is locked | skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat | Object is locked | skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG | Object is locked | skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT | Object is locked | skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG | Object is locked | skipped
C:\Documents and Settings\Young Eun Choi\Application Data\.purple\logs\aim\ooyoungunoo\janieyi\2007-10-27.015450-0400EDT.txt | Object is locked | skipped
C:\Documents and Settings\Young Eun Choi\Application Data\.purple\logs\aim\ooyoungunoo\jenstar885\2007-10-27.015703-0400EDT.txt | Object is locked | skipped
C:\Documents and Settings\Young Eun Choi\Application Data\.purple\logs\aim\ooyoungunoo\sejin53\2007-10-27.020035-0400EDT.txt | Object is locked | skipped
C:\Documents and Settings\Young Eun Choi\Cookies\index.dat | Object is locked | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse | Object is locked | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat | Object is locked | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat | Object is locked | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG | Object is locked | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\History\History.IE5\index.dat | Object is locked | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F1.tmp/stream/data0002 | Infected: not-a-virus:AdWare.Win32.Agent.sa | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F1.tmp/stream/data0003 | Infected: not-a-virus:AdWare.Win32.Agent.sb | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F1.tmp/stream/data0004 | Infected: not-a-virus:AdWare.Win32.Agent.sa | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F1.tmp/stream/data0007 | Infected: not-a-virus:AdWare.Win32.Agent.rq | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F1.tmp/stream/data0008 | Infected: not-a-virus:AdWare.Win32.Agent.sd | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F1.tmp/stream | Infected: not-a-virus:AdWare.Win32.Agent.sd | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F1.tmp | NSIS: infected - 6 | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F5.tmp/stream/data0002 | Infected: not-a-virus:AdWare.Win32.Agent.sa | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F5.tmp/stream/data0003 | Infected: not-a-virus:AdWare.Win32.Agent.sb | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F5.tmp/stream/data0004 | Infected: not-a-virus:AdWare.Win32.Agent.sa | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F5.tmp/stream/data0007 | Infected: not-a-virus:AdWare.Win32.Agent.rq | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F5.tmp/stream/data0008 | Infected: not-a-virus:AdWare.Win32.Agent.sd | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F5.tmp/stream | Infected: not-a-virus:AdWare.Win32.Agent.sd | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F5.tmp | NSIS: infected - 6 | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F9.tmp/stream/data0004 | Infected: not-a-virus:AdWare.Win32.Agent.sa | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F9.tmp/stream/data0008 | Infected: not-a-virus:AdWare.Win32.Agent.ru | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F9.tmp/stream | Infected: not-a-virus:AdWare.Win32.Agent.ru | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F9.tmp | NSIS: infected - 3 | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2FB.tmp/stream/data0003 | Infected: not-a-virus:AdWare.Win32.Vapsup.ix | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2FB.tmp/stream/data0004 | Infected: not-a-virus:AdWare.Win32.Agent.sa | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2FB.tmp/stream/data0007 | Infected: not-a-virus:AdWare.Win32.Vapsup.ip | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2FB.tmp/stream/data0008 | Infected: not-a-virus:AdWare.Win32.Vapsup.io | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2FB.tmp/stream | Infected: not-a-virus:AdWare.Win32.Vapsup.io | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2FB.tmp | NSIS: infected - 5 | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\Cookies\index.dat | Object is locked | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\History\History.IE5\index.dat | Object is locked | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\History\History.IE5\MSHist012007102720071028\index.dat | Object is locked | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\Perflib_Perfdata_690.dat | Object is locked | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\Perflib_Perfdata_bc4.dat | Object is locked | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat | Object is locked | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\~DF5987.tmp | Object is locked | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\~DF8DF8.tmp | Object is locked | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\~DF8E05.tmp | Object is locked | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat | Object is locked | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\87L7UUN9\search1[1].htm | Infected: Trojan-Downloader.JS.Remora.w | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\87L7UUN9\search1[2].htm | Infected: Trojan-Downloader.JS.Remora.w | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\87L7UUN9\search[1].htm | Infected: Trojan-Downloader.JS.Remora.w | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\B5V8TN3C\search[1].htm | Infected: Trojan-Downloader.JS.Remora.w | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\E78712JE\search1[1].htm | Infected: Trojan-Downloader.JS.Remora.w | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\E78712JE\search1[2].htm | Infected: Trojan-Downloader.JS.Remora.w | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\E78712JE\search[2].htm | Infected: Trojan-Downloader.JS.Remora.w | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\ELPAZ2LK\backups\backup-20071023-220301-635.dll | Infected: not-a-virus:AdWare.Win32.Vapsup.ik | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\ELPAZ2LK\search1[1].htm | Infected: Trojan-Downloader.JS.Remora.w | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\ELPAZ2LK\search[2].htm | Infected: Trojan-Downloader.JS.Remora.w | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\FP8C9JBX\search1[1].htm | Infected: Trojan-Downloader.JS.Remora.w | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\FP8C9JBX\search1[2].htm | Infected: Trojan-Downloader.JS.Remora.w | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\index.dat | Object is locked | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\LRFJ1XG2\search1[1].htm | Infected: Trojan-Downloader.JS.Remora.w | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\OHUFW1M3\search[2].htm | Infected: Trojan-Downloader.JS.Remora.w | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\QEQHXH4I\search[1].htm | Infected: Trojan-Downloader.JS.Remora.w | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\QEQHXH4I\search[2].htm | Infected: Trojan-Downloader.JS.Remora.w | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\QEQHXH4I\search[3].htm | Infected: Trojan-Downloader.JS.Remora.w | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\QL8BYHGD\search1[1].htm | Infected: Trojan-Downloader.JS.Remora.w | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\RFX9PDHM\search1[1].htm | Infected: Trojan-Downloader.JS.Remora.w | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\UV0V6TGB\search[2].htm | Infected: Trojan-Downloader.JS.Remora.w | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\WHAN8HYR\search[2].htm | Infected: Trojan-Downloader.JS.Remora.w | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\XSXPJX97\search1[1].htm | Infected: Trojan-Downloader.JS.Remora.w | skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\XSXPJX97\search[2].htm | Infected: Trojan-Downloader.JS.Remora.w | skipped
C:\Documents and Settings\Young Eun Choi\NTUSER.DAT | Object is locked | skipped
C:\Documents and Settings\Young Eun Choi\ntuser.dat.LOG | Object is locked | skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log | Object is locked | skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log | Object is locked | skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log | Object is locked | skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log | Object is locked | skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log | Object is locked | skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log | Object is locked | skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log | Object is locked | skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log | Object is locked | skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log | Object is locked | skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log | Object is locked | skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log | Object is locked | skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log | Object is locked | skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log | Object is locked | skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log | Object is locked | skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log | Object is locked | skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log | Object is locked | skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log | Object is locked | skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log | Object is locked | skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log | Object is locked | skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log | Object is locked | skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log | Object is locked | skipped
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SAVRT465NAV~.TMP | Object is locked | skipped
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SAVRT771NAV~.TMP | Object is locked | skipped
C:\System Volume Information\MountPointManagerRemoteDatabase | Object is locked | skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP67\change.log | Object is locked | skipped
C:\WINDOWS\Debug\PASSWD.LOG | Object is locked | skipped
C:\WINDOWS\kthemup.exe | Infected: not-a-virus:AdWare.Win32.Vapsup.ij | skipped
C:\WINDOWS\ocgrep.dll | Infected: not-a-virus:AdWare.Win32.Agent.ro | skipped
C:\WINDOWS\SchedLgU.Txt | Object is locked | skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{5B7E08BC-156C-4A17-A1DE-8F1E7C3BD194}.bin | Object is locked | skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log | Object is locked | skipped
C:\WINDOWS\Sti_Trace.log | Object is locked | skipped
C:\WINDOWS\system32\CatRoot2\edb.log | Object is locked | skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb | Object is locked | skipped
C:\WINDOWS\system32\config\ACEEvent.evt | Object is locked | skipped
C:\WINDOWS\system32\config\AppEvent.Evt | Object is locked | skipped
C:\WINDOWS\system32\config\DEFAULT | Object is locked | skipped
C:\WINDOWS\system32\config\default.LOG | Object is locked | skipped
C:\WINDOWS\system32\config\Internet.evt | Object is locked | skipped
C:\WINDOWS\system32\config\SAM | Object is locked | skipped
C:\WINDOWS\system32\config\SAM.LOG | Object is locked | skipped
C:\WINDOWS\system32\config\SecEvent.Evt | Object is locked | skipped
C:\WINDOWS\system32\config\SECURITY | Object is locked | skipped
C:\WINDOWS\system32\config\SECURITY.LOG | Object is locked | skipped
C:\WINDOWS\system32\config\SOFTWARE | Object is locked | skipped
C:\WINDOWS\system32\config\software.LOG | Object is locked | skipped
C:\WINDOWS\system32\config\SysEvent.Evt | Object is locked | skipped
C:\WINDOWS\system32\config\SYSTEM | Object is locked | skipped
C:\WINDOWS\system32\config\system.LOG | Object is locked | skipped
C:\WINDOWS\system32\h323log.txt | Object is locked | skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log | Object is locked | skipped
C:\WINDOWS\system32\profile.dat | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA | Object is locked | skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP | Object is locked | skipped
C:\WINDOWS\wiadebug.log | Object is locked | skipped
C:\WINDOWS\wiaservc.log | Object is locked | skipped
C:\WINDOWS\WindowsUpdate.log | Object is locked | skipped

Scan process completed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:12:33 AM, on 10/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Documents and Settings\Young Eun Choi\My Documents\HijackThis\HJTInstall.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype -
{77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO11 - Options group: [JAVA_IBM] Java (IBM)O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cabO16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1191683414671O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocxO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exeO23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. 
- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec 
Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exeO23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exeO23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXEO23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe--End of file - 10678 bytes Link to post Share on other sites
thinkpad, Posted October 27, 2007 (Author)

Thank you MoNsTeReNeRgY22!!

Saturday, October 27, 2007 3:09:42 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/10/2007
Kaspersky Anti-Virus database records: 446926

Scan Settings
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target: My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects: 72154
Number of viruses found: 12
Number of infected objects: 49
Number of suspicious objects: 0
Duration of the scan process: 01:00:53

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Client Firewall\System.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Young Eun Choi\Application Data\.purple\logs\aim\ooyoungunoo\janieyi\2007-10-27.015450-0400EDT.txt Object is locked skipped
C:\Documents and Settings\Young Eun Choi\Application Data\.purple\logs\aim\ooyoungunoo\jenstar885\2007-10-27.015703-0400EDT.txt Object is locked skipped
C:\Documents and Settings\Young Eun Choi\Application Data\.purple\logs\aim\ooyoungunoo\sejin53\2007-10-27.020035-0400EDT.txt Object is locked skipped
C:\Documents and Settings\Young Eun Choi\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F1.tmp/stream/data0002 Infected: not-a-virus:AdWare.Win32.Agent.sa skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F1.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Agent.sb skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F1.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.sa skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F1.tmp/stream/data0007 Infected: not-a-virus:AdWare.Win32.Agent.rq skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F1.tmp/stream/data0008 Infected: not-a-virus:AdWare.Win32.Agent.sd skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F1.tmp/stream Infected: not-a-virus:AdWare.Win32.Agent.sd skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F1.tmp NSIS: infected - 6 skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F5.tmp/stream/data0002 Infected: not-a-virus:AdWare.Win32.Agent.sa skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F5.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Agent.sb skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F5.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.sa skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F5.tmp/stream/data0007 Infected: not-a-virus:AdWare.Win32.Agent.rq skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F5.tmp/stream/data0008 Infected: not-a-virus:AdWare.Win32.Agent.sd skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F5.tmp/stream Infected: not-a-virus:AdWare.Win32.Agent.sd skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F5.tmp NSIS: infected - 6 skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F9.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.sa skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F9.tmp/stream/data0008 Infected: not-a-virus:AdWare.Win32.Agent.ru skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F9.tmp/stream Infected: not-a-virus:AdWare.Win32.Agent.ru skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2F9.tmp NSIS: infected - 3 skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2FB.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Vapsup.ix skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2FB.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.sa skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2FB.tmp/stream/data0007 Infected: not-a-virus:AdWare.Win32.Vapsup.ip skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2FB.tmp/stream/data0008 Infected: not-a-virus:AdWare.Win32.Vapsup.io skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2FB.tmp/stream Infected: not-a-virus:AdWare.Win32.Vapsup.io skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\BIT2FB.tmp NSIS: infected - 5 skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\History\History.IE5\MSHist012007102720071028\index.dat Object is locked skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\Perflib_Perfdata_690.dat Object is locked skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\Perflib_Perfdata_bc4.dat Object is locked skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\~DF5987.tmp Object is locked skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\~DF8DF8.tmp Object is locked skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temp\~DF8E05.tmp Object is locked skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\87L7UUN9\search1[1].htm Infected: Trojan-Downloader.JS.Remora.w skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\87L7UUN9\search1[2].htm Infected: Trojan-Downloader.JS.Remora.w skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\87L7UUN9\search[1].htm Infected: Trojan-Downloader.JS.Remora.w skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\B5V8TN3C\search[1].htm Infected: Trojan-Downloader.JS.Remora.w skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\E78712JE\search1[1].htm Infected: Trojan-Downloader.JS.Remora.w skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\E78712JE\search1[2].htm Infected: Trojan-Downloader.JS.Remora.w skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\E78712JE\search[2].htm Infected: Trojan-Downloader.JS.Remora.w skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\ELPAZ2LK\backups\backup-20071023-220301-635.dll Infected: not-a-virus:AdWare.Win32.Vapsup.ik skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\ELPAZ2LK\search1[1].htm Infected: Trojan-Downloader.JS.Remora.w skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\ELPAZ2LK\search[2].htm Infected: Trojan-Downloader.JS.Remora.w skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\FP8C9JBX\search1[1].htm Infected: Trojan-Downloader.JS.Remora.w skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\FP8C9JBX\search1[2].htm Infected: Trojan-Downloader.JS.Remora.w skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\LRFJ1XG2\search1[1].htm Infected: Trojan-Downloader.JS.Remora.w skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\OHUFW1M3\search[2].htm Infected: Trojan-Downloader.JS.Remora.w skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\QEQHXH4I\search[1].htm Infected: Trojan-Downloader.JS.Remora.w skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\QEQHXH4I\search[2].htm Infected: Trojan-Downloader.JS.Remora.w skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\QEQHXH4I\search[3].htm Infected: Trojan-Downloader.JS.Remora.w skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\QL8BYHGD\search1[1].htm Infected: Trojan-Downloader.JS.Remora.w skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\RFX9PDHM\search1[1].htm Infected: Trojan-Downloader.JS.Remora.w skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\UV0V6TGB\search[2].htm Infected: Trojan-Downloader.JS.Remora.w skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\WHAN8HYR\search[2].htm Infected: Trojan-Downloader.JS.Remora.w skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\XSXPJX97\search1[1].htm Infected: Trojan-Downloader.JS.Remora.w skipped
C:\Documents and Settings\Young Eun Choi\Local Settings\Temporary Internet Files\Content.IE5\XSXPJX97\search[2].htm Infected: Trojan-Downloader.JS.Remora.w skipped
C:\Documents and Settings\Young Eun Choi\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Young Eun Choi\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SAVRT465NAV~.TMP Object is locked skipped
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SAVRT771NAV~.TMP Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP67\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\kthemup.exe Infected: not-a-virus:AdWare.Win32.Vapsup.ij skipped
C:\WINDOWS\ocgrep.dll Infected: not-a-virus:AdWare.Win32.Agent.ro skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{5B7E08BC-156C-4A17-A1DE-8F1E7C3BD194}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\profile.dat Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:12:33 AM, on 10/27/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\ibmpmsvc.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exeC:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exeC:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exeC:\WINDOWS\System32\TPHDEXLG.EXEC:\WINDOWS\system32\TpKmpSVC.exeC:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exeC:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\system32\TpShocks.exeC:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.ExeC:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exeC:\WINDOWS\System32\DLA\DLACTRLW.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exeC:\Program 
Files\ThinkPad\ConnectUtilities\ACTray.exeC:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Digital Line Detect\DLG.exeC:\Program Files\ATI Technologies\ATI.ACE\cli.exeC:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Pidgin\pidgin.exeC:\Documents and Settings\Young Eun Choi\My Documents\HijackThis\HJTInstall.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLLO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dllO4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exeO4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeO4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helperO4 - HKLM\..\Run: [TpShocks] TpShocks.exeO4 - HKLM\..\Run: [TP4EX] tp4ex.exeO4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.ExeO4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exeO4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog 
Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [bLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1191683414671
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 10678 bytes
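A helper reading a log like the one above works through the O4, O20 and O23 lines looking for a few properties first: a referenced file that no longer exists (the O20 ACNotify entry), a service whose binary carries no company name ("Unknown owner"), a startup shortcut whose target could not be resolved ("= ?"), and binaries living in user-writable profile directories or loose in the Windows directory. The following Python script is an added example of that triage, written for this thread; it is not part of HijackThis, SmitfraudFix or any other tool mentioned here, the flagging rules are the editor's own heuristics rather than HijackThis's, and the sample log is constructed in the HijackThis line format (the entries named "example", "example2", "abcdxyz.exe" and "xyzabcd.dll" are made up; a flag marks something to verify, not a verdict).

```python
"""Triage helper for HijackThis-style log lines (added example, not part of
HijackThis or the thread's tools). Parses O4 (autostart), O20 (Winlogon
Notify) and O23 (service) lines and flags properties worth a second look."""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the HijackThis line format; "example", "example2",
# "abcdxyz.exe" and "xyzabcd.dll" are made-up names for this illustration.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [example2] C:\WINDOWS\abcdxyz.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [example] rundll32 C:\Documents and Settings\All Users\Application Data\xyzabcd.dll,Run
O4 - Global Startup: Bluetooth.lnk = ?
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
"""

LINE_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
O4_RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")
O4_STARTUP_RE = re.compile(r"^(Global Startup|Startup): (.*?) = (.*)$")
O20_RE = re.compile(r"^Winlogon Notify: (\S+) - (.*)$")
O23_RE = re.compile(r"^Service: (.*?) - (.*?) - (.*)$")
# A quoted path, or a drive-letter path up to the first executable extension.
PATH_RE = re.compile(r'"([^"]+)"|([A-Za-z]:\\.*?\.(?:exe|dll|ocx|scr|com|bat|cmd))', re.I)
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\", "\\documents and settings\\")
WINDOWS_ROOT_FILE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.(?:exe|dll)$")


@dataclass
class Entry:
    section: str          # "O4", "O20", "O23", ...
    name: str             # run-key value name, .lnk name, notify name or service name
    owner: str            # hive\key, startup folder, "Winlogon Notify" or company string
    path: Optional[str]
    raw: str
    flags: List[str] = field(default_factory=list)


def extract_path(value: str) -> Optional[str]:
    m = PATH_RE.search(value)
    return (m.group(1) or m.group(2)) if m else None


def location_flags(path: Optional[str]) -> List[str]:
    """Heuristics on where the binary lives (editor's rules, not HijackThis's)."""
    if path is None:
        return []
    p, flags = path.lower(), []
    if any(tok in p for tok in USER_WRITABLE):
        flags.append("runs from a user-writable profile directory")
    if WINDOWS_ROOT_FILE.match(p):
        flags.append("file sits directly in the Windows directory")
    return flags


def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    entry = Entry(section, "", "", None, line.strip())
    if section == "O4" and (r := O4_RUN_RE.match(body)):
        hive, key, entry.name, value = r.groups()
        entry.owner, entry.path = hive + "\\" + key, extract_path(value)
    elif section == "O4" and (s := O4_STARTUP_RE.match(body)):
        entry.owner, entry.name, target = s.groups()
        if target.strip() == "?":
            entry.flags.append("startup shortcut target could not be resolved")
        else:
            entry.path = extract_path(target)
    elif section == "O20" and (w := O20_RE.match(body)):
        entry.name, rest = w.groups()
        entry.owner, entry.path = "Winlogon Notify", extract_path(rest)
    elif section == "O23" and (v := O23_RE.match(body)):
        entry.name, entry.owner, rest = v.groups()
        entry.path = extract_path(rest) or rest
        if entry.owner == "Unknown owner":
            entry.flags.append("service binary carries no company name")
    if "(file missing)" in line:
        entry.flags.append("referenced file is missing on disk")
    entry.flags.extend(location_flags(entry.path))
    return entry


def triage(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e is not None]


def suspicious(text: str) -> List[Entry]:
    return [e for e in triage(text) if e.flags]


def counts_by_section(text: str) -> Dict[str, int]:
    return dict(Counter(e.section for e in triage(text)))


if __name__ == "__main__":
    print("entries per section:", counts_by_section(SAMPLE_LOG))
    for e in suspicious(SAMPLE_LOG):
        print(f"{e.section:4} {e.name!r:32} {e.path or '-'}")
        for f in e.flags:
            print("      ->", f)
```

Lines the parser does not understand are kept as bare entries with no flags, so the section counts still reflect the whole log; anything flagged is a prompt to look the file up (publisher, location, whether it exists), not a removal decision.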
Andro1d Posted October 27, 2007

Hello,

No need to post a new topic, just reply back to this thread.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Then

Let's run an F-Secure online scan for Viruses, Spyware and RootKits:
Go to http://support.f-secure.com/enu/home/ols.shtml
Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
Allow the Active X control to be installed on your computer, then click the Accept button
Click Full System Scan and allow the components to download and the scan to complete.
If malware is found, check Submit samples to F-Secure then select Automatic cleaning
When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
When the cleaning option is presented, Uncheck Submit samples to F-Secure
Click Automatic cleaning
When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

Notes:
This scan will only work with Internet Explorer
You must have administrator rights to run this scan
This scan can take several hours, so please be patient
thinkpad Posted October 27, 2007 (Author)

Scanning Report
Saturday, October 27, 2007 17:37:39 - 19:29:40
Computer name: LENOVO-EC86E42A
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
--------------------------------------------------------------------------------
Result: 8 malware found
Adware.Agent (spyware)
  System (Disinfected)
Tracking Cookie (spyware)
  System (Disinfected)
  System
  System
  System
  System
Zlob.gen94 (virus)
  C:\PROGRAM FILES\UZHCWTGI\CTUWGCWH.DLL (Submitted)
  C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\HEZQNWVO.DLL (Submitted)
--------------------------------------------------------------------------------
Statistics
Scanned:
Files: 33667
System: 4937
Not scanned: 4
Actions:
Disinfected: 2
Renamed: 0
Deleted: 0
None: 6
Submitted: 2
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{5B7E08BC-156C-4A17-A1DE-8F1E7C3BD194}.BIN
--------------------------------------------------------------------------------
Options
Scanning engines:
F-Secure Libra: 2.4.2, 2007-10-26
F-Secure AVP: 7.0.171, 2007-10-27
F-Secure Orion: 1.2.37, 2007-10-26
F-Secure Blacklight: 1.0.64
F-Secure Draco: 1.0.35, 0598-150-72
F-Secure Pegasus: 1.19.0, 2007-09-18
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
Use Advanced heuristics
Andro1d Posted October 28, 2007

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
thinkpad Posted October 28, 2007 (Author)

SmitFraudFix v2.242

Scan done at 12:30:33.98, Sun 10/28/2007
Run from C:\Documents and Settings\Young Eun Choi\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\bxsbang.dll FOUND !
C:\WINDOWS\kthemup.exe FOUND !
C:\WINDOWS\ocgrep.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Young Eun Choi

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Young Eun Choi\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\YOUNGE~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/1000 PL Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1
Description: Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{692CB560-02F8-4037-8E59-97DC815E2999}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{EAD840CF-F764-4838-9A60-261F36AFC2CB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{692CB560-02F8-4037-8E59-97DC815E2999}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EAD840CF-F764-4838-9A60-261F36AFC2CB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{692CB560-02F8-4037-8E59-97DC815E2999}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{EAD840CF-F764-4838-9A60-261F36AFC2CB}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
Andro1d Posted October 28, 2007

Hello again,

Please go to the following url: http://www.bleepingcomputer.com/submit-malware.php?channel=12

"Link to topic where this file was requested:" - http://www.besttechie.net/forums/index.php...mp;#entry104435
"Browse to the file you want to submit:" - C:\PROGRAM FILES\UZHCWTGI\CTUWGCWH.DLL
"Leave any comments, further information about this file, or contact information:" - Please say that MoNsTeReNeRgY22 asked you to upload this file.

Click Submit

Thanks. This will give us a chance to look at the file.

Please also do the above for the following file.
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\HEZQNWVO.DLL

Please let me know how that goes before we continue.
thinkpad Posted October 31, 2007 (Author)

I have completed the above.
Andro1d Posted November 1, 2007

Hello,

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.

Reboot into Normal Mode

Please go HERE to run Panda's ActiveScan
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the ActiveScan report