Hi guys, Im new here.. i know this site from my friend that ever have a
problem solved before.. Glad to be here.
I recently had some virus problems. after rebuild my security software
combination & do a scan most of the virus & spyware seem to be cleared up.
but i'm not sure because when i start browsing some site & i always see
list of the connection being made by IE to ip other than the site i browsed
(i feel like being spied). also my Computer running with a little lag
lately. btw, i ever got ARP Poisoning Attack (Man in the middle) many of my
account password have been stolen.. how to counter attack this?.. i'm using
comodo firewall now but from Matousec's Firewall challange, comodo can't
counter sniffing attack.. one of my friend said if i using https, my
password will be encrypted even its sniffed..is that ryte?
Here's my HJT log
Any help appreciated..
problem solved before.. Glad to be here.
I recently had some virus problems. after rebuild my security software
combination & do a scan most of the virus & spyware seem to be cleared up.
but i'm not sure because when i start browsing some site & i always see
list of the connection being made by IE to ip other than the site i browsed
(i feel like being spied). also my Computer running with a little lag
lately. btw, i ever got ARP Poisoning Attack (Man in the middle) many of my
account password have been stolen.. how to counter attack this?.. i'm using
comodo firewall now but from Matousec's Firewall challange, comodo can't
counter sniffing attack.. one of my friend said if i using https, my
password will be encrypted even its sniffed..is that ryte?
Here's my HJT log
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:16:47 PM, on 11/21/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Comodo\SecureEmail\ComodoSE.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Comodo\SecureEmail\ComodoSE.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\YPOPs\ypops.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
file://c:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
file://c:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = >>>
'Full Speed' Enabled <<<
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program
Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-
C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} -
C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-
5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows
Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvSvc] "C:\Windows\system32\RUNDLL32.EXE"
C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "C:\Windows\system32\RUNDLL32.EXE"
C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "C:\Windows\system32\RUNDLL32.EXE"
C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog
Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program
Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition
Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download
Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program
Files\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows
Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe
oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows
Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!
\Widgets\YahooWidgets.exe
O4 - Startup: YPOPs.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions
present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions
present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel
present
O8 - Extra context menu item: Download all links with IDM - C:\Program
Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM -
C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet
Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49}
- C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-
5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} -
C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-
6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} -
C:\Program Files\Lenovo\VeriFace\OpenWnd.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\cemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cemlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cemlsp.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl
Class) -
http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogW
ebControl.cab?1202142992634
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment
1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-
i586.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class)
- http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{538B46FE-9F1C-493D-B4FE-
F4C741209D5A}: NameServer = 202.59.201.201,202.59.201.202
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -
C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: oepl.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program
Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH -
C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler
(AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir
PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard
(AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir
PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown
owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel
32\IDriverT.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program
Files\Sandboxie\SbieSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools -
C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools -
C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program
Files\ThreatFire\TFService.exe
--
End of file - 9781 bytes
Any help appreciated..