#16
-- Snapshot reset to current date --

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-22 148888]

c:\documents and settings\skm\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{B9E618A2-A4FE-11D4-83C2-005004636C96}"= "c:\program files\Metamail Inc\Metamail Reader\OESHook.dll" [2005-04-26 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-10-15 19:27 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^skm^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\documents and settings\skm\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"Swupdtmr"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"odserv"=3 (0x3)
"dldw_device"=2 (0x2)
"dldwCATSCustConnectService"=2 (0x2)
"DCLTSSS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Microsoft office 2007\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [2009-07-12 오전 12:56 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [2009-07-12 오전 12:56 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [2009-07-12 오전 12:55 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys [2009-08-12 오후 1:03 276344]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [2009-07-12 오전 12:55 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-07-26 오전 12:28 101936]
S3 cfproctect;cfproctect;c:\windows\system32\drivers\cfprotect.sys [2007-12-15 오후 9:46 10240]
S4 DCLTSSS;Distributed Link Tracking Client Service;c:\windows\system32\System.exe --> c:\windows\system32\System.exe [?]
S4 dldw_device;dldw_device;c:\windows\system32\dldwcoms.exe -service --> c:\windows\system32\dldwcoms.exe -service [?]

Contents of the 'Scheduled Tasks' folder

2007-12-03 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2005-05-23 12:00]

------- Supplementary Scan -------

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Microsoft Excel로 내보내기(&X) - c:\progra~1\MI69EF~1\Office12\EXCEL.EXE/3000
DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} - hxxp://cyimg8.cyworld.com/ImageUpload/CyImageUpload_10217.cab
DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} - hxxp://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} - hxxp://cyimg7.cyworld.com/ImageUpload/CyPictureU1.cab?20080604
DPF: {EDF03CCA-D3ED-4930-9450-EA1EAC6BA641} - hxxp://shop.doublepoint.net/install/acx/doublepointP.cab
FF - ProfilePath - c:\documents and settings\skm\Application Data\Mozilla\Firefox\Profiles\z9xv61nv.default\
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 00:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1376)
c:\windows\system32\IMKR12.IME
c:\program files\Intel\Wireless\Bin\LgNotify.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL

- - - - - - - > 'explorer.exe'(1520)
c:\windows\system32\WININET.dll
c:\windows\system32\IMKR12.IME
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

Completion time: 2009-08-23 0:12
ComboFix-quarantined-files.txt 2009-08-23 07:12
ComboFix2.txt 2009-06-22 08:15

Pre-Run: 60,928,036,864 bytes free
Post-Run: 60,949,106,688 bytes free

1314 --- E O F --- 2009-08-16 16:31
#17
No problem
Please upload and have these files scanned:
c:\windows\system32\System.exe
c:\windows\system32\dldwcoms.exe
Here: virustotal
Post back the results