Need Help Please

  1. 05-04-2009  #1
    Doomy
    Doomy is offline Junior Member

    Need Help Please

    Sorry about the double post, i think my other thread got screwed up i cannot see what i wrote.

    Here's my HJT log, my computer has been shutting off by itself,lagging,freezing,blue screen, slow as hell the last 5 months, any help would be appreciated thank you

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:31:43 PM, on 1/10/2000
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\Iexplore.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ÇÑ°ÔÀÓ - Áñ°Å¿î ½°Ç¥, Go ÇÑ°ÔÀÓ!
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Internet Explorer Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ÇÑ°ÔÀÓ - Áñ°Å¿î ½°Ç¥, Go ÇÑ°ÔÀÓ!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - (no file)
    R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
    R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.netscape.ca"); (C:\Documents and Settings\BUDER\Application Data\Mozilla\Profiles\default\7yq48up8.slt\prefs.j s)
    O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
    O1 - Hosts: 82.98.231.89 best-click-scanner.info
    O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
    O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
    O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
    O1 - Hosts: 82.98.231.89 onlinenotifyq.net
    O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
    O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: {3b198cc3-698a-e5ab-8f24-927ae25a6181} - {1816a52e-a729-42f8-ba5e-a8963cc891b3} - C:\WINDOWS\system32\gqduju.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
    O2 - BHO: (no name) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7B3C2BDA-7A6D-48FB-9A41-373DBEE11CE8} - C:\WINDOWS\system32\asferro.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)
    O2 - BHO: (no name) - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - (no file)
    O2 - BHO: (no name) - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
    O2 - BHO: (no name) - {fb0b9588-297d-4ff4-81ae-31a01c8adda4} - C:\WINDOWS\system32\junowapa.dll
    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O3 - Toolbar: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
    O3 - Toolbar: (no name) - {81705D67-3F73-4983-859B-97D0922E5ABE} - (no file)
    O3 - Toolbar: (no name) - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - (no file)
    O3 - Toolbar: (no name) - {51D81DD5-55B7-497F-95DB-D356429BB54E} - (no file)
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O4 - HKLM\..\Run: [zavarulema] Rundll32.exe "C:\WINDOWS\system32\sehesoge.dll",s
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [f4415586] rundll32.exe "C:\WINDOWS\system32\hiwutiwa.dll",b
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [CPMf772661a] Rundll32.exe "c:\windows\system32\febowiye.dll",a
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
    O4 - HKUS\S-1-5-19\..\Run: [zavarulema] Rundll32.exe "C:\WINDOWS\system32\sehesoge.dll",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [zavarulema] Rundll32.exe "C:\WINDOWS\system32\sehesoge.dll",s (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: List
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.getietool.com/redirect.php (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (file missing)
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {00001022-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter22 Class) - http://download.netmarble.com/web/nm...MStarter22.cab
    O16 - DPF: {00001024-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter24 Class) - http://download.netmarble.com/web/nm...MStarter24.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files...reeInstall.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D17175E-48B7-40EC-BEC2-E91C80A89237} (GamehiSpecCheck Control) - http://suddenattack.redbanana.jp/_in...iSpecCheck.cab
    O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP6.cab
    O16 - DPF: {23D236EA-B936-4B2B-900C-D0E8DBBF9570} (BugsGameStarts Class) - http://audition.playpark.com/login/p...iGameStart.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://orgy2000.spaces.msn.com//Phot...d/MsnPUpld.cab
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - ijji - Where Gamers Unite!
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {62D21B0B-D96F-45F7-968E-7DC16E31FE57} (DazoinControl Class) - http://tcrew.gamengame.com/activex/DazoinActiveXE.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab
    O16 - DPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} (ccr_downloader Control) - http://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
    O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - https://bill.netgame.com/mglaunch_USAv1002.cab
    O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8237.cab
    O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Neowiz Login Control) - http://gpdl.pmang.com/sayclub/sayctl/sayax.cab
    O16 - DPF: {AA33C66F-71DB-43E9-B559-3CBE4398E9A9} (BugsGameStarts Class) - http://au.bugsgames.net/game/GBugsGameStart.cab
    O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://config.hyosungcdn.com/download/p3xset.cab
    O16 - DPF: {ADCC68D4-AAEA-4338-817D-1F261D9FB759} (ENetLauncher Control) - http://www.dragongemworld.com/Active_X/ENetLauncher.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
    O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://id.hangame.com/common/HanSetup1010.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - ijji - Where Gamers Unite!
    O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/contr...terActiveX.cab
    O16 - DPF: {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} (HGPluginJP23 Class) - http://down.hangame.co.jp/jp/dist/hg...PluginJP23.cab
    O16 - DPF: {D6855164-25C2-40D2-BA39-D8A57FF0B49C} (RedbananaVistaPlay Class) - http://suddenattack.redbanana.jp/_in...naAutoPlay.cab
    O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} - It\'s all about the game "Game & Game"
    O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - ijji - Where Gamers Unite!
    O16 - DPF: {E1CE4482-98E9-48F8-8D0D-EF03BC9E26F3} (BugsGameStarts Class) - http://audition.bugs.co.kr/Game/BugsGameStart.cab
    O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - debt consolidation insurance education online at imagesrvr.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9F175587-7955-417A-8403-D9DC9B777495}: NameServer = 85.255.113.196,85.255.112.174
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BA9F4DEF-8DF6-4AD0-B2C4-6418A779A147}: NameServer = 85.255.113.196,85.255.112.174
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BED5BCE0-1D30-4FE3-BDC7-94C049F83B48}: NameServer = 85.255.113.196,85.255.112.174
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ED3C11DF-5702-4288-8F4E-0EFAEDDA55E8}: NameServer = 85.255.113.196,85.255.112.174
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FE516165-4DE6-400F-8244-6B4F66C0E734}: NameServer = 85.255.113.196,85.255.112.174
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.196 85.255.112.174
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.196 85.255.112.174
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.196 85.255.112.174
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.196 85.255.112.174
    O20 - AppInit_DLLs: ys.dll C:\WINDOWS\system32\noyafugu.dll gqduju.dll c:\windows\system32\febowiye.dll
    O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\febowiye.dll
    O22 - SharedTaskScheduler: djuka - {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} - (no file)
    O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - (no file)
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\febowiye.dll
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

    --
    End of file - 15831 bytes

  3. 05-04-2009  #2
    broni
    broni is offline Senior Member
    You have MASSIVE infection!
    One of the reasons, there is no antivirus program present!

    1. Make sure, Windows firewall is on:
    Go Start>Control Panel. Double click on the Security Center icon. Click on the Windows Firewall icon beneath the status updates. Click On, then OK.

    2. Download, install, update, and run full scan, using one of the programs listed below:

    - Avast! free antivirus: Download FREE antivirus software - avast! Home Edition
    - Avira free antivirus: Download Free Antivirus Products

    - free PC Tools Firewall Plus: PC Tools Firewall Plus - Free Firewall Download

    - free Comodo Internet Security (firewall + AV): Free Firewall Antivirus Software Download by Comodo

    If you decide to install Avast, or Avira, make sure, Windows firewall is turned on, or use PC Tools Firewall Plus.
    If you decide to install Comodo, make sure, Windows firewall is turned off.

    IMPORTANT! Make sure, you use only ONE antivirus, and ONE firewall.

    3. When scan is done, post fresh HJT log.
  4. 05-04-2009  #3
    Doomy
    Doomy is offline Junior Member
    Using avast as we speak, once it's done i will post a HJT log asap. thank you broni
  5. 05-04-2009  #4
    broni
    broni is offline Senior Member
    Sure thing.
  6. 05-04-2009  #5
    Doomy
    Doomy is offline Junior Member
    Ran Avast, found alot of trojans/virus's

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:43:48 PM, on 1/10/2000
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\BUDER\Application Data\Mozilla\Profiles\default\7yq48up8.slt\prefs.j s)
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: {3b198cc3-698a-e5ab-8f24-927ae25a6181} - {1816a52e-a729-42f8-ba5e-a8963cc891b3} - C:\WINDOWS\system32\gqduju.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
    O2 - BHO: (no name) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: (no name) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7B3C2BDA-7A6D-48FB-9A41-373DBEE11CE8} - C:\WINDOWS\system32\asferro.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)
    O2 - BHO: (no name) - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - (no file)
    O2 - BHO: (no name) - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
    O2 - BHO: (no name) - {fb0b9588-297d-4ff4-81ae-31a01c8adda4} - C:\WINDOWS\system32\junowapa.dll (file missing)
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [f4415586] rundll32.exe "C:\WINDOWS\system32\hiwutiwa.dll",b
    O4 - HKLM\..\Run: [CPMf772661a] Rundll32.exe "c:\windows\system32\febowiye.dll",a
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [zavarulema] Rundll32.exe "C:\WINDOWS\system32\sehesoge.dll",s
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
    O4 - HKUS\S-1-5-19\..\Run: [zavarulema] Rundll32.exe "C:\WINDOWS\system32\sehesoge.dll",s (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [zavarulema] Rundll32.exe "C:\WINDOWS\system32\sehesoge.dll",s (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: List
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {00001022-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter22 Class) - http://download.netmarble.com/web/nm...MStarter22.cab
    O16 - DPF: {00001024-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter24 Class) - http://download.netmarble.com/web/nm...MStarter24.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files...reeInstall.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D17175E-48B7-40EC-BEC2-E91C80A89237} (GamehiSpecCheck Control) - http://suddenattack.redbanana.jp/_in...iSpecCheck.cab
    O16 - DPF: {20050325-D35A-4233-926E-2E801AE25949} (NMJPStarter15 Class) - http://www.netmarble.jp/_common/cab/NMStarterJP6.cab
    O16 - DPF: {23D236EA-B936-4B2B-900C-D0E8DBBF9570} (BugsGameStarts Class) - http://audition.playpark.com/login/p...iGameStart.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://orgy2000.spaces.msn.com//Phot...d/MsnPUpld.cab
    O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - ijji - Where Gamers Unite!
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {62D21B0B-D96F-45F7-968E-7DC16E31FE57} (DazoinControl Class) - http://tcrew.gamengame.com/activex/DazoinActiveXE.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
    O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} (NMJTransX Control) - http://file.netmarble.jp/Control/NMJTransX.cab
    O16 - DPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} (ccr_downloader Control) - http://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
    O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - https://bill.netgame.com/mglaunch_USAv1002.cab
    O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.com/kdefence/kdfense8237.cab
    O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} (Neowiz Login Control) - http://gpdl.pmang.com/sayclub/sayctl/sayax.cab
    O16 - DPF: {AA33C66F-71DB-43E9-B559-3CBE4398E9A9} (BugsGameStarts Class) - http://au.bugsgames.net/game/GBugsGameStart.cab
    O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} (P3Xfer Loader Class) - http://config.hyosungcdn.com/download/p3xset.cab
    O16 - DPF: {ADCC68D4-AAEA-4338-817D-1F261D9FB759} (ENetLauncher Control) - http://www.dragongemworld.com/Active_X/ENetLauncher.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
    O16 - DPF: {C044CD87-DFB0-4130-A5E4-49361106FBC8} (HanSetupCtrl1010 Class) - http://id.hangame.com/common/HanSetup1010.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - ijji - Where Gamers Unite!
    O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/contr...terActiveX.cab
    O16 - DPF: {D0FD5E32-CABD-4A6E-BD0F-94ACE89CCE03} (HGPluginJP23 Class) - http://down.hangame.co.jp/jp/dist/hg...PluginJP23.cab
    O16 - DPF: {D6855164-25C2-40D2-BA39-D8A57FF0B49C} (RedbananaVistaPlay Class) - http://suddenattack.redbanana.jp/_in...naAutoPlay.cab
    O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} - It\'s all about the game "Game & Game"
    O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} - ijji - Where Gamers Unite!
    O16 - DPF: {E1CE4482-98E9-48F8-8D0D-EF03BC9E26F3} (BugsGameStarts Class) - http://audition.bugs.co.kr/Game/BugsGameStart.cab
    O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - antivirus 2009 real estate apartment at imagesrvr.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9F175587-7955-417A-8403-D9DC9B777495}: NameServer = 85.255.113.196,85.255.112.174
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BA9F4DEF-8DF6-4AD0-B2C4-6418A779A147}: NameServer = 85.255.113.196,85.255.112.174
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BED5BCE0-1D30-4FE3-BDC7-94C049F83B48}: NameServer = 85.255.113.196,85.255.112.174
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ED3C11DF-5702-4288-8F4E-0EFAEDDA55E8}: NameServer = 85.255.113.196,85.255.112.174
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FE516165-4DE6-400F-8244-6B4F66C0E734}: NameServer = 85.255.113.196,85.255.112.174
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.196 85.255.112.174
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.196 85.255.112.174
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.113.196 85.255.112.174
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.196 85.255.112.174
    O20 - AppInit_DLLs: ys.dll gqduju.dll c:\windows\system32\febowiye.dll,C:\WINDOWS\system 32\noyafugu.dll
    O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\febowiye.dll
    O22 - SharedTaskScheduler: djuka - {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} - (no file)
    O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - (no file)
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\febowiye.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

    --
    End of file - 12031 bytes

    thanks again broni.
  7. 05-04-2009  #6
    Doomy
    Doomy is offline Junior Member
    Really sorry about the quadruple post, it was lagging for 20 minutes..
  8. 05-04-2009  #7
    jephree
    jephree is offline ¨*·.¸ «.·°·..·°·.» ¸.·*¨
    Due to the nature of your logs they are being caught in our spam filters.

    Sorry for the inconvenience.
  9. 05-04-2009  #8
    Doomy
    Doomy is offline Junior Member
    Oh? am i in trouble? it's not an inconvenience really - sorry about it.
  10. 05-04-2009  #9
    jephree
    jephree is offline ¨*·.¸ «.·°·..·°·.» ¸.·*¨
    No problem. Your logs are listing items that our filters ban as spam. It is an auto bot.

    Broni will reply soon.
  11. 05-04-2009  #10
    Doomy
    Doomy is offline Junior Member
    Save 20% on AVG Internet Security 2012 Suite!
    Thanks a bunch, will be waiting patiently, gona have to donate soon love the service.
+ Reply to Thread
Page 1 of 2 1 2 LastLast
« How Do You Know if you Have the Conficker Worm? Use This Handy Chart! | Avira antivirus won't GO! »