Lowyat.NET: Latest topics by keptz

Lowyat.NET: Latest topics by keptz http://forum.lowyat.net/ Wed, 03 Jun 2026 20:42:01 +0800 FeedCreator 1.7.2 TrojanZlob.G attack http://forum.lowyat.net/topic/869014 The windows firewall has detected and blocked the suspicious software. My comp suddenly become very laggy. The AVG8 has been disable by itself. help me out with this. <br /><br />Here my logfile..<br /><br /><div class="spoilertop" onClick="openClose('32eb3e07c6a56e3445aa7b3543eafcce')" style="font-weight: bold"><u>» Click to show Spoiler - click again to hide... «</u></div><div class="spoilermain" id="32eb3e07c6a56e3445aa7b3543eafcce" style="display:none"><br />Logfile of Trend Micro HijackThis v2.0.2<br />Scan saved at 4:50:17 PM, on 12/8/2008<br />Platform: Windows XP SP2 (WinNT 5.01.2600)<br />MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)<br />Boot mode: Normal<br /><br />Running processes:<br />C:\WINDOWS\System32\smss.exe<br />C:\WINDOWS\system32\winlogon.exe<br />C:\Program Files\AVG\AVG8\avgrsx.exe<br />C:\WINDOWS\system32\services.exe<br />C:\WINDOWS\system32\lsass.exe<br />C:\WINDOWS\system32\svchost.exe<br />C:\WINDOWS\System32\svchost.exe<br />C:\WINDOWS\system32\spoolsv.exe<br />C:\WINDOWS\Explorer.EXE<br />C:\Program Files\Bonjour\mDNSResponder.exe<br />C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe<br />C:\WINDOWS\system32\PnkBstrA.exe<br />C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe<br />C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe<br />C:\WINDOWS\system32\svchost.exe<br />C:\PROGRA~1\AVG\AVG8\avgtray.exe<br />C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe<br />C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE<br />C:\Program Files\Microsoft ActiveSync\wcescomm.exe<br />C:\PROGRA~1\MICROS~3\rapimgr.exe<br />C:\Program Files\Windows Live\Messenger\usnsvc.exe<br />C:\Program Files\Mozilla Firefox\firefox.exe<br />C:\Program Files\Trend Micro\HijackThis\HijackThis.exe<br /><br />R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = <a href='http://go.microsoft.com/fwlink/?LinkId=488' target='_blank'>http://go.microsoft.com/fwlink/?LinkId=488</a><br />R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local<br />R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll<br />O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll<br />O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll<br />O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll<br />O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll<br />O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll<br />O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)<br />O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll<br />O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll<br />O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"<br />O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"<br />O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe<br />O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background<br />O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet<br />O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"<br />O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe<br />O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE<br />O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000<br />O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll<br />O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll<br />O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll<br />O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll<br />O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll<br />O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll<br />O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll<br />O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll<br />O20 - AppInit_DLLs: avgrsstx.dll<br />O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe<br />O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe<br />O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe<br />O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe<br /><br />--<br />End of file - 4879 bytes<br /></div> keptz Technical Support Mon, 08 Dec 2008 17:03:26 +0800