 Htepo.com Has Grabbed My Computer! |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Forum Guidelines
Read this topic before posting a log. DO NOT post a ComboFix log unless requested to. Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  |
 Nov 15 2007, 04:33 PM
Post
#1
|
|
|
Member  Group: Members Posts: 41 Joined: 15-November 07 From: key west Member No.: 169,947  |
ComboFix 07-11-08.1 - HP_Owner 2007-11-15 16:03:59.9 - NTFSx86 Running from: C:\Documents and Settings\HP_Owner\My Documents\mozilla downloads\ComboFix.exe . Unable to gain System Privileges ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk C:\Documents and Settings\HP_Owner\Desktop\Live Safety Center.lnk C:\Documents and Settings\HP_Owner\Desktop\Online Security Guide.lnk C:\Documents and Settings\HP_Owner\Favorites\Online Security Guide.lnk C:\WINDOWS\system32\onnmp.bak1 C:\WINDOWS\system32\onnmp.ini C:\WINDOWS\system32\pmnno.dll C:\WINDOWS\system32\usysykju.dllbox . ((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 ))))))))))))))))))))))))))))))) . 2007-11-15 15:32 <DIR> d-------- C:\Program Files\RegCure 2007-11-15 15:09 <DIR> d-------- C:\Program Files\Lavasoft 2007-11-15 15:09 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-11-15 14:30 <DIR> d-------- C:\Program Files\Viewpoint 2007-11-15 14:06 <DIR> d-------- C:\Program Files\XoftSpySE 2007-11-15 01:32 144,480 --a------ C:\WINDOWS\system32\usysykju.dll 2007-11-15 01:32 144,480 --a--c--- C:\WINDOWS\system32\criktbeb.dll 2007-11-15 01:29 71,232 --a--c--- C:\WINDOWS\system32\qnggmrfw.exe 2007-11-14 02:37 6,058,496 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll 2007-11-14 02:37 2,455,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dat 2007-11-14 02:37 459,264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-11-14 02:37 383,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-11-14 02:37 267,776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll 2007-11-14 02:37 63,488 --a------ C:\WINDOWS\system32\dllcache\icardie.dll 2007-11-14 02:37 52,224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-11-14 02:37 13,824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-11-14 02:21 37,376 --a------ C:\WINDOWS\system32\nnnnkkk.dll 2007-11-14 02:13 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe 2007-11-14 01:47 <DIR> d----c--- C:\VundoFix Backups 2007-11-13 22:43 37,376 --a------ C:\WINDOWS\system32\khfcdba.dll 2007-11-13 22:43 336 --a------ C:\WINDOWS\17PHolmes1188.exe 2007-11-13 22:06 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-13 20:24 144,480 --a--c--- C:\WINDOWS\system32\aipbnwrm.dll 2007-11-13 20:21 85,056 --a--c--- C:\WINDOWS\system32\bwnknnrh.dll 2007-11-13 20:18 80,448 --a--c--- C:\WINDOWS\system32\jwwspdfs.dll 2007-11-13 20:12 71,232 --a--c--- C:\WINDOWS\system32\eoxejuqf.exe 2007-11-13 05:01 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\Roxio 2007-11-13 02:24 <DIR> d-------- C:\Program Files\WinMX Fix v.3.0 2007-11-13 02:24 <DIR> d-------- C:\Program Files\iTunes 2007-11-13 02:24 <DIR> d-------- C:\Program Files\iPod 2007-11-13 02:23 <DIR> d-------- C:\WINDOWS\system32\QuickTime 2007-11-13 02:23 <DIR> d-------- C:\Program Files\Roxio 2007-11-13 02:23 <DIR> d-------- C:\Program Files\Remove Empty Directories 2007-11-13 02:23 <DIR> d-------- C:\Program Files\Maxis 2007-11-13 02:23 <DIR> d-------- C:\Program Files\InterVideo 2007-11-13 02:23 <DIR> d-------- C:\Program Files\Disney 2007-11-13 02:23 <DIR> d-------- C:\Program Files\Cosmi 2007-11-13 02:23 <DIR> d-------- C:\Program Files\Clipmarks 2007-11-13 02:23 <DIR> d-------- C:\Program Files\BaDoink 2007-11-13 02:23 <DIR> d-------- C:\Program Files\AGEIA Technologies 2007-11-13 02:23 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Roxio 2007-11-13 02:22 <DIR> d-------- C:\Program Files\Viewpoint(3) 2007-11-13 02:22 <DIR> d-------- C:\Program Files\Tencent 2007-11-13 02:22 <DIR> d-------- C:\Program Files\MySpace 2007-11-13 02:22 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2007-11-13 02:22 <DIR> d-------- C:\audio 2007-11-13 02:05 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion(2) 2007-11-10 13:33 <DIR> d-------- C:\Program Files\AGEIA Technologies(2) 2007-11-09 19:19 <DIR> d-------- C:\Program Files\Aspyr 2007-11-09 15:18 <DIR> d-------- C:\Program Files\Apple Software Update 2007-11-08 23:11 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll 2007-11-08 23:09 134 --a--c--- C:\n.bat 2007-11-08 23:08 35,328 --a------ C:\WINDOWS\system32\yayxutq.dll 2007-11-08 23:08 0 --a--c--- C:\z.dat 2007-11-08 23:08 0 --a--c--- C:\x.dat 2007-11-07 15:42 <DIR> d-------- C:\WINDOWS\system32\AGEIA 2007-11-07 15:42 <DIR> d-------- C:\Program Files\MSXML 4.0 2007-11-07 15:42 <DIR> d-------- C:\Program Files\Legacy Interactive 2007-11-07 15:42 <DIR> d-------- C:\Program Files\GameSpy 2007-11-07 15:42 <DIR> d-------- C:\Program Files\Firaxis Games 2007-11-07 15:42 <DIR> d-------- C:\Program Files\Common Files\SWF Studio 2007-11-07 15:41 <DIR> d--h----- C:\Program Files\Zero G Registry 2007-11-07 15:41 <DIR> d-------- C:\Program Files\VstPlugins 2007-11-07 15:41 <DIR> d-------- C:\Program Files\UltraISO 2007-11-07 15:41 <DIR> d-------- C:\Program Files\Symantec 2007-11-07 15:41 <DIR> d-------- C:\Program Files\SoundSpectrum 2007-11-07 15:41 <DIR> d-------- C:\Program Files\SD EnterNET 2007-11-07 00:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\MumboJumbo 2007-11-06 01:20 <DIR> d-------- C:\Program Files\MSXML 6.0 2007-11-04 20:10 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll 2007-11-04 13:33 <DIR> d----c--- C:\c6616f9bfd906f1ad04bbed7e3dd4f 2007-11-04 13:30 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared 2007-11-04 13:30 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Sonic 2007-11-04 01:28 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\Sierra Entertainment 2007-11-04 01:28 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-11-03 17:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2007-10-30 01:47 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\Super-Cow 2007-10-29 01:58 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll 2007-10-29 01:58 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll 2007-10-29 01:58 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll 2007-10-29 01:58 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll 2007-10-25 02:25 <DIR> d-------- C:\Program Files\MSECache 2007-10-25 02:05 <DIR> d-------- C:\Program Files\Download Manager 2007-10-24 01:58 143,872 --a------ C:\WINDOWS\system32\iacenc.dll 2007-10-24 01:58 56,832 --a------ C:\WINDOWS\system32\iyvu9_32.dll 2007-10-24 01:44 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\QQ Games Plugin 2007-10-23 18:22 86,082 --a------ C:\WINDOWS\system32\ftdiunin.exe 2007-10-23 18:22 77,890 --a------ C:\WINDOWS\system32\FTLang.dll 2007-10-23 18:22 60,572 --a------ C:\WINDOWS\system32\drivers\ftser2k.sys 2007-10-23 18:22 48,625 --a------ C:\WINDOWS\system32\ftserui2.dll 2007-10-23 18:22 28,449 --a------ C:\WINDOWS\system32\drivers\ftdibus.sys 2007-10-20 12:32 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll 2007-10-20 12:32 53,760 --a------ C:\WINDOWS\system32\dllcache\vfwwdm32.dll 2007-10-20 02:30 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\iWin 2007-10-20 01:36 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll 2007-10-20 01:36 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll 2007-10-20 01:36 572,752 --a------ C:\WINDOWS\system32\wmvdmoe.dll 2007-10-20 01:36 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll 2007-10-20 01:35 <DIR> d-------- C:\Program Files\coolpro2 2007-10-19 19:01 <DIR> d-------- C:\Program Files\Nero . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-15 20:20 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-15 20:07 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-11-15 06:41 --------- d-----w C:\Program Files\Google 2007-11-14 07:28 --------- d-----w C:\Program Files\Trend Micro 2007-11-14 03:07 --------- d-----w C:\Program Files\Java 2007-11-13 22:35 --------- d-----w C:\Program Files\Hewlett-Packard 2007-11-13 07:32 --------- d-----w C:\Program Files\Microsoft Games 2007-11-13 07:23 --------- d-----w C:\Program Files\QuickTime 2007-11-13 07:23 --------- d-----w C:\Program Files\LimeWire 2007-11-12 01:31 9,046 -c--a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat 2007-11-10 18:52 --------- d-----w C:\Program Files\InterActual 2007-11-10 00:19 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-09 23:12 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\IGN_DLM 2007-11-07 23:53 --------- d-----w C:\Program Files\Common Files\aolshare 2007-11-07 23:53 --------- d-----w C:\Program Files\Common Files\AOL 2007-11-07 20:42 --------- d-----w C:\Program Files\HPQ 2007-11-07 19:22 --------- d-----w C:\Program Files\Yahoo! 2007-11-07 19:22 --------- d-----w C:\Program Files\Support.com 2007-11-07 19:21 --------- d-----w C:\Program Files\Real 2007-11-07 19:21 --------- d-----w C:\Program Files\Online Backup 2007-11-07 19:21 --------- d-----w C:\Program Files\MSN Toolbar Suite 2007-11-07 19:21 --------- d-----w C:\Program Files\MSN Messenger 2007-11-07 19:21 --------- d-----w C:\Program Files\K-Lite Codec Pack 2007-11-07 19:21 --------- d-----w C:\Program Files\ICOO Loader 2007-11-07 19:20 --------- d-----w C:\Program Files\GameSpy Arcade 2007-11-04 18:29 --------- d-----w C:\Program Files\Sonic 2007-10-24 06:43 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL Downloads 2007-10-22 22:54 --------- d-----w C:\Program Files\Microsoft IntelliType Pro 2007-10-20 22:35 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\muvee Technologies 2007-10-20 22:05 --------- d-----w C:\Program Files\AskTBar 2007-10-20 17:52 --------- d-----w C:\Program Files\Common Files\muvee Technologies 2007-10-20 00:11 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Nero 2007-10-20 00:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Nero 2007-10-19 20:13 --------- d-----w C:\Program Files\AusLogics Disk Defrag 2007-10-19 19:47 --------- d-----w C:\Program Files\Common Files\Ahead 2007-10-19 17:47 --------- d-----w C:\Program Files\PConPoint 2007-10-19 17:07 --------- d-----w C:\Program Files\Easy Internet signup 2007-10-19 16:06 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL 2007-10-19 15:52 --------- d-----w C:\Program Files\IncrediMail 2007-10-19 05:37 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Intuit 2007-10-19 05:36 --------- dc----w C:\Documents and Settings\All Users\Application Data\Intuit 2007-10-19 05:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-10-19 05:20 --------- d-----w C:\Program Files\Common Files\Real 2007-10-19 05:18 --------- d-----w C:\Program Files\AOL Computer Check-Up 2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0f 2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0e 2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0b 2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0 2007-10-19 04:49 --------- dc----w C:\Documents and Settings\All Users\Application Data\QuickTime 2007-10-19 04:40 --------- d-----w C:\Program Files\HP 2007-10-19 04:33 1,716 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_PY208AV-ABA a1030e_YC_0Pavi_QMXG530_E53NAheBLU5_47_ISalmon_SASUSTek Computer INC._V1.04_B3.15_T051019_WXH2_L409_M896_J80_7AMD_8Sempron_91.81_#050913_N1039090 0_Z11C1048C_G10396330.MRK 2007-10-19 04:30 --------- d---a-w C:\Program Files\Common Files\LightScribe 2007-10-19 03:44 --------- d-----w C:\Program Files\Webshots 2007-10-19 02:54 --------- d-----w C:\Program Files\Rhapsody 2007-10-19 02:13 --------- d-----w C:\Program Files\BellSouth 2007-10-19 02:10 132,675 ----a-w C:\Program Files\INSTALL.LOG 2007-10-19 02:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-10-19 00:17 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\BellSouth 2007-10-19 00:17 --------- dc----w C:\Documents and Settings\All Users\Application Data\BellSouth 2007-10-19 00:04 --------- d-----w C:\Program Files\Common Files\Motive 2007-10-18 23:50 4 -c--a-w C:\WINDOWSRegDefrag.dat 2007-10-17 18:12 --------- d-----w C:\Program Files\DFX 2007-10-17 08:43 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Move Networks 2007-10-17 08:43 --------- dc----w C:\Documents and Settings\All Users\Application Data\yahoo! 2007-10-17 08:43 --------- d--h--r C:\Documents and Settings\HP_Owner\Application Data\yahoo! 2007-10-17 08:42 --------- d-----w C:\Program Files\Common Files\Nullsoft 2007-10-17 08:41 --------- dc----w C:\Documents and Settings\All Users\Application Data\PlayFirst 2007-10-17 08:41 --------- d-----w C:\Program Files\Multimedia Transcoding Tool 2007-10-17 08:40 --------- d-----w C:\Program Files\AOL 9.0a 2007-10-17 08:37 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\AOL 2007-10-17 05:37 --------- d-----w C:\Program Files\web-radio 2007-10-17 04:09 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2007-10-12 04:03 --------- dc----w C:\Documents and Settings\All Users\Application Data\HipSoft 2007-10-11 19:08 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\AdobeUM 2007-10-10 16:50 --------- d-----w C:\Program Files\ACNielsen 2007-10-06 17:11 --------- d-----w C:\Program Files\Windows Media Connect 2 2007-10-06 08:43 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\WeatherBug 2007-09-29 19:48 --------- dc----w C:\Documents and Settings\All Users\Application Data\DFX 2007-09-28 18:34 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Babylon 2007-09-24 13:05 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys 2007-09-24 13:05 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys 2007-09-20 13:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe 2007-09-20 13:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2007-01-10 17:15 839,684 ----a-w C:\WINDOWS\Fonts\Crack.exe 2007-01-10 17:15 839,683 --sh--w C:\WINDOWS\Fonts\svchost.exe 2006-11-12 18:42 0 ----a-w C:\Program Files\Common Files\err.log 2006-09-19 18:10 1 -c--a-w C:\Documents and Settings\HP_Owner\SI.bin 2006-05-10 18:26 299 -c--a-w C:\Documents and Settings\HP_Owner\Application Data\internaldb1942.dat 2006-01-26 20:53 774,144 ----a-w C:\Program Files\RngInterstitial.dll 2007-01-10 17:15:15 839,683 --sh--w C:\WINDOWS\Fonts\svchost.exe 2005-11-15 21:39:10 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}] 2007-11-15 01:32 144480 --a------ C:\WINDOWS\system32\usysykju.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d91edfd0-519c-4707-8869-95221c3f4bc3}] 2007-11-13 20:18 80448 --a--c--- C:\WINDOWS\system32\jwwspdfs.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}] 2007-11-14 02:21 37376 --a------ C:\WINDOWS\system32\nnnnkkk.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\usysykju.dll [2007-11-15 01:32 144480] [HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\usysykju.dll [2007-11-15 01:32 144480] [HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiSPower"="SiSPower.dll" [2005-01-05 01:54 C:\WINDOWS\system32\SiSPower.dll] "CTHelper"="CTHELPER.EXE" [2003-11-14 03:18 C:\WINDOWS\system32\CTHELPER.EXE] "CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 10:00] "AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 11:07] "tgcmd"="C:\Program Files\Support.com\BellSouth\hcenter.exe" [2005-08-31 13:14] "ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 12:12] "AT&T Internet Security Suite"="C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe" [2007-06-28 15:09] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-18 21:47] "HostManager"="C:\Program Files\Common Files\AOL\1192809728\ee\AOLSoftware.exe" [2007-04-12 16:23] "Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-08-30 13:04] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32] "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 18:14] "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 00:34] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-11-16 13:55] "Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-01-10 12:15] "combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-03 23:00] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-10-09 11:02] "igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 16:57] "AOL Fast Start"="C:\Program Files\AOL 9.0b\AOL.exe" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:00] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 17:11] "RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-10-18 22:05] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-14 12:32] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "SetDefaultMIDI"=MIDIDEF.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}"= C:\WINDOWS\system32\nnnnkkk.dll [2007-11-14 02:21 37376] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnkkk] nnnnkkk.dll 2007-11-14 02:21 37376 C:\WINDOWS\system32\nnnnkkk.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\usysykju] usysykju.dll 2007-11-15 01:32 144480 C:\WINDOWS\system32\usysykju.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnno.dll R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e29e2fbc-b976-11d9-bac2-806d6172696f}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 . Contents of the 'Scheduled Tasks' folder "2007-11-12 19:06:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-11-03 03:55:00 C:\WINDOWS\Tasks\Disk Cleanup.job" - C:\WINDOWS\system32\cleanmgr.exe "2007-11-12 13:57:00 C:\WINDOWS\Tasks\Find Duplicate Files.job" - C:\PROGRA~1\ADVANC~1\finddupe.exe "2007-11-09 21:45:01 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" - C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe "2007-05-23 02:40:25 C:\WINDOWS\Tasks\HubTask 1 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" - c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe "2007-05-28 00:35:29 C:\WINDOWS\Tasks\HubTask 2 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" - c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe "2007-11-15 21:15:20 C:\WINDOWS\Tasks\RegCure Program Check.job" - C:\Program Files\RegCure\RegCure.exe "2007-11-15 20:35:48 C:\WINDOWS\Tasks\RegCure.job" - C:\Program Files\RegCure\RegCure.exe "2007-11-15 21:17:03 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDetect.exe "2007-11-15 21:15:21 C:\WINDOWS\Tasks\XoftSpySE 2.job" - C:\Program Files\XoftSpySE\XoftSpy.exe "2007-11-15 19:06:20 C:\WINDOWS\Tasks\XoftSpySE.job" - C:\Program Files\XoftSpySE\XoftSpy.exe . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-15 16:15:48 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-15 16:22:04 - machine was rebooted C:\ComboFix2.txt ... 2007-11-15 13:19 C:\ComboFix3.txt ... 2007-11-15 12:54 . --- E O F --- |
 |
 
|
|
Nov 15 2007, 06:52 PM
Post
#2
|
|
|
Member Group: Members Posts: 41 Joined: 15-November 07 From: key west Member No.: 169,947 |
and it happened again! I have Incredemail, could that be infected , here's the latest log
ComboFix 07-11-08.1 - HP_Owner 2007-11-15 18:09:22.10 - NTFSx86 Running from: C:\Documents and Settings\HP_Owner\My Documents\mozilla downloads\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk C:\Documents and Settings\HP_Owner\Desktop\Live Safety Center.lnk C:\Documents and Settings\HP_Owner\Desktop\Online Security Guide.lnk C:\Documents and Settings\HP_Owner\Favorites\Online Security Guide.lnk C:\WINDOWS\system32\ihkmp.bak1 C:\WINDOWS\system32\ihkmp.ini C:\WINDOWS\system32\pmkhi.dll C:\WINDOWS\system32\usysykju.dllbox . ((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 ))))))))))))))))))))))))))))))) . 2007-11-15 17:11 <DIR> d-------- C:\Program Files\Viewpoint 2007-11-15 15:32 <DIR> d-------- C:\Program Files\RegCure 2007-11-15 15:09 <DIR> d-------- C:\Program Files\Lavasoft 2007-11-15 15:09 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-11-15 14:06 <DIR> d-------- C:\Program Files\XoftSpySE 2007-11-15 01:32 144,480 --a--c--- C:\WINDOWS\system32\criktbeb.dll 2007-11-15 01:29 71,232 --a--c--- C:\WINDOWS\system32\qnggmrfw.exe 2007-11-14 02:37 6,058,496 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll 2007-11-14 02:37 2,455,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dat 2007-11-14 02:37 459,264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-11-14 02:37 383,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-11-14 02:37 267,776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll 2007-11-14 02:37 63,488 --a------ C:\WINDOWS\system32\dllcache\icardie.dll 2007-11-14 02:37 52,224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-11-14 02:37 13,824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-11-14 02:21 37,376 --a------ C:\WINDOWS\system32\nnnnkkk.dll 2007-11-14 02:13 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe 2007-11-14 01:47 <DIR> d----c--- C:\VundoFix Backups 2007-11-13 22:43 37,376 --a------ C:\WINDOWS\system32\khfcdba.dll 2007-11-13 22:43 336 --a------ C:\WINDOWS\17PHolmes1188.exe 2007-11-13 22:06 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-13 20:24 144,480 --a--c--- C:\WINDOWS\system32\aipbnwrm.dll 2007-11-13 20:21 85,056 --a--c--- C:\WINDOWS\system32\bwnknnrh.dll 2007-11-13 20:18 80,448 --a--c--- C:\WINDOWS\system32\jwwspdfs.dll 2007-11-13 20:12 71,232 --a--c--- C:\WINDOWS\system32\eoxejuqf.exe 2007-11-13 05:01 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\Roxio 2007-11-13 02:24 <DIR> d-------- C:\Program Files\WinMX Fix v.3.0 2007-11-13 02:24 <DIR> d-------- C:\Program Files\iTunes 2007-11-13 02:24 <DIR> d-------- C:\Program Files\iPod 2007-11-13 02:23 <DIR> d-------- C:\WINDOWS\system32\QuickTime 2007-11-13 02:23 <DIR> d-------- C:\Program Files\Roxio 2007-11-13 02:23 <DIR> d-------- C:\Program Files\Remove Empty Directories 2007-11-13 02:23 <DIR> d-------- C:\Program Files\Maxis 2007-11-13 02:23 <DIR> d-------- C:\Program Files\InterVideo 2007-11-13 02:23 <DIR> d-------- C:\Program Files\Disney 2007-11-13 02:23 <DIR> d-------- C:\Program Files\Cosmi 2007-11-13 02:23 <DIR> d-------- C:\Program Files\Clipmarks 2007-11-13 02:23 <DIR> d-------- C:\Program Files\BaDoink 2007-11-13 02:23 <DIR> d-------- C:\Program Files\AGEIA Technologies 2007-11-13 02:23 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Roxio 2007-11-13 02:22 <DIR> d-------- C:\Program Files\Viewpoint(3) 2007-11-13 02:22 <DIR> d-------- C:\Program Files\Tencent 2007-11-13 02:22 <DIR> d-------- C:\Program Files\MySpace 2007-11-13 02:22 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2007-11-13 02:22 <DIR> d-------- C:\audio 2007-11-13 02:05 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion(2) 2007-11-10 13:33 <DIR> d-------- C:\Program Files\AGEIA Technologies(2) 2007-11-09 19:19 <DIR> d-------- C:\Program Files\Aspyr 2007-11-09 15:18 <DIR> d-------- C:\Program Files\Apple Software Update 2007-11-08 23:11 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll 2007-11-08 23:09 134 --a--c--- C:\n.bat 2007-11-08 23:08 35,328 --a------ C:\WINDOWS\system32\yayxutq.dll 2007-11-08 23:08 0 --a--c--- C:\z.dat 2007-11-08 23:08 0 --a--c--- C:\x.dat 2007-11-07 15:42 <DIR> d-------- C:\WINDOWS\system32\AGEIA 2007-11-07 15:42 <DIR> d-------- C:\Program Files\MSXML 4.0 2007-11-07 15:42 <DIR> d-------- C:\Program Files\Legacy Interactive 2007-11-07 15:42 <DIR> d-------- C:\Program Files\GameSpy 2007-11-07 15:42 <DIR> d-------- C:\Program Files\Firaxis Games 2007-11-07 15:42 <DIR> d-------- C:\Program Files\Common Files\SWF Studio 2007-11-07 15:41 <DIR> d--h----- C:\Program Files\Zero G Registry 2007-11-07 15:41 <DIR> d-------- C:\Program Files\VstPlugins 2007-11-07 15:41 <DIR> d-------- C:\Program Files\UltraISO 2007-11-07 15:41 <DIR> d-------- C:\Program Files\Symantec 2007-11-07 15:41 <DIR> d-------- C:\Program Files\SoundSpectrum 2007-11-07 15:41 <DIR> d-------- C:\Program Files\SD EnterNET 2007-11-07 00:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\MumboJumbo 2007-11-06 01:20 <DIR> d-------- C:\Program Files\MSXML 6.0 2007-11-04 20:10 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll 2007-11-04 13:33 <DIR> d----c--- C:\c6616f9bfd906f1ad04bbed7e3dd4f 2007-11-04 13:30 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared 2007-11-04 13:30 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Sonic 2007-11-04 01:28 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\Sierra Entertainment 2007-11-04 01:28 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-11-03 17:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2007-10-30 01:47 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\Super-Cow 2007-10-29 01:58 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll 2007-10-29 01:58 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll 2007-10-29 01:58 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll 2007-10-29 01:58 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll 2007-10-25 02:25 <DIR> d-------- C:\Program Files\MSECache 2007-10-25 02:05 <DIR> d-------- C:\Program Files\Download Manager 2007-10-24 01:58 143,872 --a------ C:\WINDOWS\system32\iacenc.dll 2007-10-24 01:58 56,832 --a------ C:\WINDOWS\system32\iyvu9_32.dll 2007-10-24 01:44 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\QQ Games Plugin 2007-10-23 18:22 86,082 --a------ C:\WINDOWS\system32\ftdiunin.exe 2007-10-23 18:22 77,890 --a------ C:\WINDOWS\system32\FTLang.dll 2007-10-23 18:22 60,572 --a------ C:\WINDOWS\system32\drivers\ftser2k.sys 2007-10-23 18:22 48,625 --a------ C:\WINDOWS\system32\ftserui2.dll 2007-10-23 18:22 28,449 --a------ C:\WINDOWS\system32\drivers\ftdibus.sys 2007-10-20 12:32 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll 2007-10-20 12:32 53,760 --a------ C:\WINDOWS\system32\dllcache\vfwwdm32.dll 2007-10-20 02:30 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\iWin 2007-10-20 01:36 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll 2007-10-20 01:36 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll 2007-10-20 01:36 572,752 --a------ C:\WINDOWS\system32\wmvdmoe.dll 2007-10-20 01:36 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll 2007-10-20 01:35 <DIR> d-------- C:\Program Files\coolpro2 2007-10-19 19:01 <DIR> d-------- C:\Program Files\Nero 2007-10-19 19:01 <DIR> d-------- C:\Program Files\Common Files\Nero . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-15 22:05 --------- d-----w C:\Program Files\Advanced System Optimizer 2007-11-15 21:55 --------- d-----w C:\Program Files\Trend Micro 2007-11-15 20:20 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-15 20:07 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-11-15 06:41 --------- d-----w C:\Program Files\Google 2007-11-14 03:07 --------- d-----w C:\Program Files\Java 2007-11-13 22:35 --------- d-----w C:\Program Files\Hewlett-Packard 2007-11-13 07:32 --------- d-----w C:\Program Files\Microsoft Games 2007-11-13 07:23 --------- d-----w C:\Program Files\QuickTime 2007-11-13 07:23 --------- d-----w C:\Program Files\LimeWire 2007-11-12 01:31 9,046 -c--a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat 2007-11-10 18:52 --------- d-----w C:\Program Files\InterActual 2007-11-10 00:19 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-09 23:12 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\IGN_DLM 2007-11-07 23:53 --------- d-----w C:\Program Files\Common Files\aolshare 2007-11-07 23:53 --------- d-----w C:\Program Files\Common Files\AOL 2007-11-07 20:42 --------- d-----w C:\Program Files\HPQ 2007-11-07 19:22 --------- d-----w C:\Program Files\Yahoo! 2007-11-07 19:22 --------- d-----w C:\Program Files\Support.com 2007-11-07 19:21 --------- d-----w C:\Program Files\Real 2007-11-07 19:21 --------- d-----w C:\Program Files\Online Backup 2007-11-07 19:21 --------- d-----w C:\Program Files\MSN Toolbar Suite 2007-11-07 19:21 --------- d-----w C:\Program Files\MSN Messenger 2007-11-07 19:21 --------- d-----w C:\Program Files\K-Lite Codec Pack 2007-11-07 19:21 --------- d-----w C:\Program Files\ICOO Loader 2007-11-07 19:20 --------- d-----w C:\Program Files\GameSpy Arcade 2007-11-04 18:29 --------- d-----w C:\Program Files\Sonic 2007-10-24 06:43 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL Downloads 2007-10-22 22:54 --------- d-----w C:\Program Files\Microsoft IntelliType Pro 2007-10-20 22:35 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\muvee Technologies 2007-10-20 22:05 --------- d-----w C:\Program Files\AskTBar 2007-10-20 17:52 --------- d-----w C:\Program Files\Common Files\muvee Technologies 2007-10-20 00:11 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Nero 2007-10-20 00:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Nero 2007-10-19 20:13 --------- d-----w C:\Program Files\AusLogics Disk Defrag 2007-10-19 19:47 --------- d-----w C:\Program Files\Common Files\Ahead 2007-10-19 17:47 --------- d-----w C:\Program Files\PConPoint 2007-10-19 17:07 --------- d-----w C:\Program Files\Easy Internet signup 2007-10-19 16:06 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL 2007-10-19 15:52 --------- d-----w C:\Program Files\IncrediMail 2007-10-19 05:37 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Intuit 2007-10-19 05:36 --------- dc----w C:\Documents and Settings\All Users\Application Data\Intuit 2007-10-19 05:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-10-19 05:20 --------- d-----w C:\Program Files\Common Files\Real 2007-10-19 05:18 --------- d-----w C:\Program Files\AOL Computer Check-Up 2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0f 2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0e 2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0b 2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0 2007-10-19 04:49 --------- dc----w C:\Documents and Settings\All Users\Application Data\QuickTime 2007-10-19 04:40 --------- d-----w C:\Program Files\HP 2007-10-19 04:33 1,716 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_PY208AV-ABA a1030e_YC_0Pavi_QMXG530_E53NAheBLU5_47_ISalmon_SASUSTek Computer INC._V1.04_B3.15_T051019_WXH2_L409_M896_J80_7AMD_8Sempron_91.81_#050913_N1039090 0_Z11C1048C_G10396330.MRK 2007-10-19 04:30 --------- d---a-w C:\Program Files\Common Files\LightScribe 2007-10-19 03:44 --------- d-----w C:\Program Files\Webshots 2007-10-19 02:54 --------- d-----w C:\Program Files\Rhapsody 2007-10-19 02:13 --------- d-----w C:\Program Files\BellSouth 2007-10-19 02:10 132,675 ----a-w C:\Program Files\INSTALL.LOG 2007-10-19 02:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-10-19 00:17 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\BellSouth 2007-10-19 00:17 --------- dc----w C:\Documents and Settings\All Users\Application Data\BellSouth 2007-10-19 00:04 --------- d-----w C:\Program Files\Common Files\Motive 2007-10-18 23:50 4 -c--a-w C:\WINDOWSRegDefrag.dat 2007-10-17 18:12 --------- d-----w C:\Program Files\DFX 2007-10-17 08:43 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Move Networks 2007-10-17 08:43 --------- dc----w C:\Documents and Settings\All Users\Application Data\yahoo! 2007-10-17 08:43 --------- d--h--r C:\Documents and Settings\HP_Owner\Application Data\yahoo! 2007-10-17 08:42 --------- d-----w C:\Program Files\Common Files\Nullsoft 2007-10-17 08:41 --------- dc----w C:\Documents and Settings\All Users\Application Data\PlayFirst 2007-10-17 08:41 --------- d-----w C:\Program Files\Multimedia Transcoding Tool 2007-10-17 08:40 --------- d-----w C:\Program Files\AOL 9.0a 2007-10-17 08:37 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\AOL 2007-10-17 05:37 --------- d-----w C:\Program Files\web-radio 2007-10-17 04:09 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2007-10-12 04:03 --------- dc----w C:\Documents and Settings\All Users\Application Data\HipSoft 2007-10-11 19:08 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\AdobeUM 2007-10-10 16:50 --------- d-----w C:\Program Files\ACNielsen 2007-10-06 17:11 --------- d-----w C:\Program Files\Windows Media Connect 2 2007-10-06 08:43 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\WeatherBug 2007-09-29 19:48 --------- dc----w C:\Documents and Settings\All Users\Application Data\DFX 2007-09-28 18:34 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Babylon 2007-09-24 13:05 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys 2007-09-24 13:05 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys 2007-09-20 13:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe 2007-09-20 13:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe 2007-01-10 17:15 839,684 ----a-w C:\WINDOWS\Fonts\Crack.exe 2007-01-10 17:15 839,683 --sh--w C:\WINDOWS\Fonts\svchost.exe 2006-11-12 18:42 0 ----a-w C:\Program Files\Common Files\err.log 2006-09-19 18:10 1 -c--a-w C:\Documents and Settings\HP_Owner\SI.bin 2006-05-10 18:26 299 -c--a-w C:\Documents and Settings\HP_Owner\Application Data\internaldb1942.dat 2006-01-26 20:53 774,144 ----a-w C:\Program Files\RngInterstitial.dll 2007-01-10 17:15:15 839,683 --sh--w C:\WINDOWS\Fonts\svchost.exe 2005-11-15 21:39:10 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d91edfd0-519c-4707-8869-95221c3f4bc3}] 2007-11-13 20:18 80448 --a--c--- C:\WINDOWS\system32\jwwspdfs.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}] 2007-11-14 02:21 37376 --a------ C:\WINDOWS\system32\nnnnkkk.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiSPower"="SiSPower.dll" [2005-01-05 01:54 C:\WINDOWS\system32\SiSPower.dll] "CTHelper"="CTHELPER.EXE" [2003-11-14 03:18 C:\WINDOWS\system32\CTHELPER.EXE] "CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 10:00] "AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 11:07] "tgcmd"="C:\Program Files\Support.com\BellSouth\hcenter.exe" [2005-08-31 13:14] "ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 12:12] "AT&T Internet Security Suite"="C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe" [2007-06-28 15:09] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-18 21:47] "HostManager"="C:\Program Files\Common Files\AOL\1192809728\ee\AOLSoftware.exe" [2007-04-12 16:23] "Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-08-30 13:04] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32] "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 18:14] "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 00:34] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-11-16 13:55] "Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-01-10 12:15] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-10-09 11:02] "igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 16:57] "AOL Fast Start"="C:\Program Files\AOL 9.0b\AOL.exe" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:00] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 17:11] "RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-10-18 22:05] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-11-14 12:32] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce] "SpybotDeletingB2355"=command /c del "C:\WINDOWS\system32\usysykju.dll_old" "SpybotDeletingD5429"=cmd /c del "C:\WINDOWS\system32\usysykju.dll_old" "SpybotDeletingB6316"=command /c del "C:\WINDOWS\system32\usysykju.dll" "SpybotDeletingD1614"=cmd /c del "C:\WINDOWS\system32\usysykju.dll" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] "SpybotDeletingA781"=command /c del "C:\WINDOWS\system32\usysykju.dll_old" "SpybotDeletingC8533"=cmd /c del "C:\WINDOWS\system32\usysykju.dll_old" "SpybotDeletingA9287"=command /c del "C:\WINDOWS\system32\usysykju.dll" "SpybotDeletingC3200"=cmd /c del "C:\WINDOWS\system32\usysykju.dll" [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "SetDefaultMIDI"=MIDIDEF.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}"= C:\WINDOWS\system32\nnnnkkk.dll [2007-11-14 02:21 37376] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnkkk] nnnnkkk.dll 2007-11-14 02:21 37376 C:\WINDOWS\system32\nnnnkkk.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\usysykju] usysykju.dll R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe S3 Radialpoint Security Services;AT&T Internet Security Suite;C:\WINDOWS\system32\dllhost.exe /Processid:{80098F68-1220-4F43-80A8-15C7395B8874} [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e29e2fbc-b976-11d9-bac2-806d6172696f}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 . Contents of the 'Scheduled Tasks' folder "2007-11-12 19:06:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2007-11-03 03:55:00 C:\WINDOWS\Tasks\Disk Cleanup.job" - C:\WINDOWS\system32\cleanmgr.exe "2007-11-12 13:57:00 C:\WINDOWS\Tasks\Find Duplicate Files.job" - C:\PROGRA~1\ADVANC~1\finddupe.exe "2007-11-09 21:45:01 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" - C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe "2007-05-23 02:40:25 C:\WINDOWS\Tasks\HubTask 1 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" - c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe "2007-05-28 00:35:29 C:\WINDOWS\Tasks\HubTask 2 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" - c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe "2007-11-15 23:17:14 C:\WINDOWS\Tasks\RegCure Program Check.job" - C:\Program Files\RegCure\RegCure.exe "2007-11-15 20:35:48 C:\WINDOWS\Tasks\RegCure.job" - C:\Program Files\RegCure\RegCure.exe "2007-11-15 23:12:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDetect.exe "2007-11-15 23:21:05 C:\WINDOWS\Tasks\XoftSpySE 2.job" - C:\Program Files\XoftSpySE\XoftSpy.exe "2007-11-15 19:06:20 C:\WINDOWS\Tasks\XoftSpySE.job" - C:\Program Files\XoftSpySE\XoftSpy.exe . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-15 18:18:02 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-15 18:21:32 - machine was rebooted C:\ComboFix2.txt ... 2007-11-15 16:22 C:\ComboFix3.txt ... 2007-11-15 13:19 . --- E O F --- |
|
|
|
|
Nov 28 2007, 08:12 AM
Post
#3
|
|
 The BSG Malware Fighter Group: HJT Team Coach Posts: 6,643 Joined: 20-April 06 From: Hamburg Member No.: 64,788 |
Hello rvbeaumont and welcome to BleepingComputer!
Apollogies for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide For Use Before Posting A Hijackthis Log. Thanks, Johannes -------------------- I will be scarce from mid July til end of October and from December til May. If you need to contact me or I havent replied to a topic of yours, please send a pm - "How did I get infected?" - "Safe-hex" - Member of UNITE -  |
|
|
|
|
Nov 29 2007, 02:13 AM
Post
#4
|
|
|
Member Group: Members Posts: 41 Joined: 15-November 07 From: key west Member No.: 169,947 |
It's back, just did combofix, and readded destroy, already have a great spyware, will run, but here is the latest log, and it didn't take it away, will try again, and log it on again.
ComboFix 07-11-19.4 - HP_Owner 2007-11-29 1:30:56.13 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.405 [GMT -5:00]Running from: C:\Documents and Settings\HP_Owner\My Documents\My Videos\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk C:\Documents and Settings\HP_Owner\Desktop\Live Safety Center.lnk C:\Documents and Settings\HP_Owner\Desktop\Online Security Guide.lnk C:\Documents and Settings\HP_Owner\Favorites\Online Security Guide.lnk C:\Temp\1cb C:\Temp\1cb\syscheck.log C:\temp\tn3 C:\WINDOWS\cookies.ini C:\WINDOWS\system32\c1 C:\WINDOWS\system32\drivers\core.cache.dsk C:\WINDOWS\system32\drivers\core.sys C:\WINDOWS\system32\ihkmp.bak1 C:\WINDOWS\system32\ihkmp.bak2 C:\WINDOWS\system32\ihkmp.ini C:\WINDOWS\system32\j2 C:\WINDOWS\system32\j2\ppjup83122.exe C:\WINDOWS\system32\m8 C:\WINDOWS\system32\m8\nsts2dll1.exe C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\pmkhi.dll C:\WINDOWS\system32\pzvyotou.dllbox . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_CORE -------\LEGACY_DOMAINSERVICE -------\core -------\DomainService ((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 ))))))))))))))))))))))))))))))) . 2007-11-29 01:48 0 ---hs---- C:\WINDOWS\system32\pzvyotou.dllbox 2007-11-29 01:22 789,408 ---hs---- C:\WINDOWS\system32\kysndupv.ini 2007-11-29 01:17 144,480 --a------ C:\WINDOWS\system32\pzvyotou.dll 2007-11-29 01:16 144,480 --a--c--- C:\WINDOWS\system32\xkiuhcwh.dll 2007-11-29 01:13 77,888 --a--c--- C:\WINDOWS\system32\haecltty.dll 2007-11-29 01:11 71,232 --a--c--- C:\WINDOWS\system32\ndkttktx.exe 2007-11-27 23:26 36,864 --a------ C:\WINDOWS\system32\gebxutu.dll 2007-11-27 19:58 789,288 --ahs---- C:\WINDOWS\system32\rpddfylh.ini 2007-11-27 19:49 71,232 --a--c--- C:\WINDOWS\system32\astbfaoq.exe 2007-11-27 18:55 294 --ahs---- C:\WINDOWS\system32\lekemoub.ini 2007-11-27 12:06 78,912 --a--c--- C:\WINDOWS\system32\hggwfuxq.dll 2007-11-27 12:03 85,056 --a--c--- C:\WINDOWS\system32\lqhqyjwt.dll 2007-11-27 12:03 526 --ahs---- C:\WINDOWS\system32\twjyqhql.ini 2007-11-27 12:01 71,232 --a--c--- C:\WINDOWS\system32\hoebwqke.exe 2007-11-27 04:09 78,912 --a--c--- C:\WINDOWS\system32\ucvacjes.dll 2007-11-27 04:09 354 --ahs---- C:\WINDOWS\system32\raopqtos.ini 2007-11-27 04:08 36,864 --a------ C:\WINDOWS\system32\nnnkkjh.dll 2007-11-27 04:06 71,232 --a--c--- C:\WINDOWS\system32\amlmghtc.exe 2007-11-27 03:57 <DIR> d-------- C:\Program Files\Common Files\xing shared 2007-11-27 03:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{FAE72283-E912-4CA0-A263-E07183A4AF20} 2007-11-27 03:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{EF257B1A-26EA-4A90-9BCC-54CA818488E8} 2007-11-27 03:01 36 --ah----- C:\WINDOWS\system32\f9t.dat 2007-11-27 01:51 <DIR> d-------- C:\Program Files\iTunes 2007-11-26 20:40 80,960 --a--c--- C:\WINDOWS\system32\lyrgompo.dll 2007-11-26 20:37 85,056 --a--c--- C:\WINDOWS\system32\gocqxgou.dll 2007-11-26 20:37 534 --ahs---- C:\WINDOWS\system32\uogxqcog.ini 2007-11-26 20:35 71,232 --a--c--- C:\WINDOWS\system32\ahjllxju.exe 2007-11-26 20:09 80,960 --a--c--- C:\WINDOWS\system32\tktcfhak.dll 2007-11-26 20:09 474 --ahs---- C:\WINDOWS\system32\lqhtxddv.ini 2007-11-26 20:01 71,232 --a--c--- C:\WINDOWS\system32\gnbomdsc.exe 2007-11-26 03:49 354 --ahs---- C:\WINDOWS\system32\pnevawfw.ini 2007-11-26 03:45 80,960 --a--c--- C:\WINDOWS\system32\qmckutyp.dll 2007-11-26 03:40 71,232 --a--c--- C:\WINDOWS\system32\qccvxgpq.exe 2007-11-25 14:36 79,936 --a--c--- C:\WINDOWS\system32\rnghanvc.dll 2007-11-25 14:33 85,056 --a--c--- C:\WINDOWS\system32\mgigrpgh.dll 2007-11-25 14:33 294 --ahs---- C:\WINDOWS\system32\hgprgigm.ini 2007-11-25 14:31 71,232 --a--c--- C:\WINDOWS\system32\pkjrdxeq.exe 2007-11-25 13:35 79,936 --a--c--- C:\WINDOWS\system32\ynsnofiw.dll 2007-11-25 13:29 85,056 --a--c--- C:\WINDOWS\system32\hdisunts.dll 2007-11-25 13:29 414 --ahs---- C:\WINDOWS\system32\stnusidh.ini 2007-11-25 13:28 71,232 --a--c--- C:\WINDOWS\system32\gjkqifcb.exe 2007-11-25 01:57 79,936 --a--c--- C:\WINDOWS\system32\okgnmwqk.dll 2007-11-25 01:52 354 --ahs---- C:\WINDOWS\system32\dcmwijdi.ini 2007-11-25 01:50 71,232 --a--c--- C:\WINDOWS\system32\jusuqald.exe 2007-11-24 15:01 85,056 --a--c--- C:\WINDOWS\system32\txhsordg.dll 2007-11-24 15:01 294 --ahs---- C:\WINDOWS\system32\gdroshxt.ini 2007-11-24 14:58 81,472 --a--c--- C:\WINDOWS\system32\ddxfxlrq.dll 2007-11-24 14:55 71,232 --a--c--- C:\WINDOWS\system32\hgnccvss.exe 2007-11-23 12:17 83,520 --a--c--- C:\WINDOWS\system32\squneltu.dll 2007-11-23 12:11 85,056 --a--c--- C:\WINDOWS\system32\myvborev.dll 2007-11-23 12:09 71,232 --a--c--- C:\WINDOWS\system32\datqxpxm.exe 2007-11-23 02:50 <DIR> d-------- C:\Program Files\Microsoft Games 2007-11-23 02:50 83,520 --a--c--- C:\WINDOWS\system32\pesuexct.dll 2007-11-23 02:42 71,232 --a--c--- C:\WINDOWS\system32\ennqbiwg.exe 2007-11-23 01:32 83,520 --a--c--- C:\WINDOWS\system32\lofpawas.dll 2007-11-23 01:29 85,056 --a--c--- C:\WINDOWS\system32\gawvyhes.dll 2007-11-23 01:29 294 --ahs---- C:\WINDOWS\system32\sehyvwag.ini 2007-11-23 01:24 71,232 --a--c--- C:\WINDOWS\system32\ikersexg.exe 2007-11-23 01:00 83,520 --a--c--- C:\WINDOWS\system32\jwycvwpy.dll 2007-11-23 00:54 85,056 --a--c--- C:\WINDOWS\system32\xlhqqrlv.dll 2007-11-23 00:52 71,232 --a--c--- C:\WINDOWS\system32\iipiulaw.exe 2007-11-22 23:51 79,936 --a--c--- C:\WINDOWS\system32\rppbtokh.dll 2007-11-22 23:48 714,650 --ahs---- C:\WINDOWS\system32\ofspjqii.ini 2007-11-22 23:48 85,056 --a--c--- C:\WINDOWS\system32\iiqjpsfo.dll 2007-11-22 23:43 71,232 --a--c--- C:\WINDOWS\system32\yskbmyoy.exe 2007-11-21 19:41 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\iWin 2007-11-21 16:42 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\SampleView 2007-11-21 16:30 <DIR> d-------- C:\Program Files\LimeWire 2007-11-21 15:20 917,504 --a------ C:\WINDOWS\system32\FLASH.OCX 2007-11-21 15:02 80,960 --a--c--- C:\WINDOWS\system32\bivsylaf.dll 2007-11-21 14:59 714,590 --ahs---- C:\WINDOWS\system32\ytxcdfwy.ini 2007-11-21 14:57 71,232 --a--c--- C:\WINDOWS\system32\mcxotbcu.exe 2007-11-21 12:58 80,960 --a--c--- C:\WINDOWS\system32\rssruhne.dll 2007-11-21 12:52 714,461 --ahs---- C:\WINDOWS\system32\jqgrnofu.ini 2007-11-21 12:51 <DIR> d-------- C:\WINDOWS\system32\rMa05yy 2007-11-21 12:51 <DIR> d-------- C:\temp\abW9 2007-11-21 12:50 71,232 --a--c--- C:\WINDOWS\system32\niyldnmh.exe 2007-11-20 12:17 714,341 --ahs---- C:\WINDOWS\system32\jyahqbll.ini 2007-11-20 12:11 84,544 --a--c--- C:\WINDOWS\system32\fhuuiwdv.dll 2007-11-20 12:08 71,232 --a--c--- C:\WINDOWS\system32\ytwrvmwl.exe 2007-11-19 16:44 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\ArcSoft 2007-11-19 16:42 230,432 --a--c--- C:\PA7311.DAT 2007-11-19 16:39 <DIR> d-------- C:\Program Files\VGA USB Camera 2007-11-19 16:39 6,656 --a------ C:\WINDOWS\system32\CoInst.dll 2007-11-19 16:39 518 --a------ C:\WINDOWS\system32\SP7311.INI 2007-11-19 15:40 53,248 --a------ C:\WINDOWS\system32\PAStiSvc.exe 2007-11-19 15:39 <DIR> d-------- C:\WINDOWS\PixArt 2007-11-19 15:11 <DIR> d-------- C:\Program Files\Common Files\ArcSoft 2007-11-19 15:11 <DIR> d-------- C:\Program Files\ArcSoft 2007-11-19 15:11 258,352 --a------ C:\WINDOWS\system32\unicows.dll 2007-11-19 15:11 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL 2007-11-19 15:11 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys 2007-11-19 12:18 685,712 --ahs---- C:\WINDOWS\system32\xjbmwhgg.ini 2007-11-19 12:18 85,056 --a--c--- C:\WINDOWS\system32\gghwmbjx.dll 2007-11-19 12:15 83,008 --a--c--- C:\WINDOWS\system32\redpfdtq.dll 2007-11-18 12:14 79,424 --a--c--- C:\WINDOWS\system32\dvodghbp.dll 2007-11-18 12:11 677,929 --ahs---- C:\WINDOWS\system32\nihodhut.ini 2007-11-18 12:11 85,056 --a--c--- C:\WINDOWS\system32\tuhdohin.dll 2007-11-18 12:08 71,232 --a--c--- C:\WINDOWS\system32\fvlxugyf.exe 2007-11-17 12:16 85,056 --a--c--- C:\WINDOWS\system32\xodqlyvu.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-29 06:49 36,864 -c--a-w C:\svchost.exe 2007-11-27 09:38 --------- d-----w C:\Program Files\Real 2007-11-27 08:56 --------- d-----w C:\Program Files\Common Files\Real 2007-11-27 08:03 --------- d-----w C:\Program Files\Stamps.com Internet Postage 2007-11-27 07:51 --------- dc----w C:\Documents and Settings\All Users\Application Data\{75EE35BC-E993-41FD-9DBA-9AD37F50E521} 2007-11-27 01:05 9,356 -c--a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat 2007-11-26 08:37 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-26 08:14 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\IGN_DLM 2007-11-23 05:51 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-11-21 17:49 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\AT&T 2007-11-21 08:40 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\My Battle for Middle-earth Files 2007-11-21 08:40 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Move Networks 2007-11-21 08:40 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Audacity 2007-11-21 08:40 --------- d--h--r C:\Documents and Settings\HP_Owner\Application Data\yahoo! 2007-11-21 08:40 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Viewpoint 2007-11-21 06:59 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-20 07:21 --------- d-----w C:\Program Files\Common Files\AOL 2007-11-20 07:20 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL Downloads 2007-11-19 22:23 --------- d-----w C:\Program Files\Common Files\Logitech 2007-11-19 18:44 --------- d-----w C:\Program Files\Google 2007-11-19 18:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-11-19 17:42 --------- d-----w C:\Program Files\Yahoo! 2007-11-19 17:42 --------- d-----w C:\Program Files\QuickTime 2007-11-19 17:42 --------- d-----w C:\Program Files\Online Backup 2007-11-19 17:42 --------- d-----w C:\Program Files\MSN Toolbar Suite 2007-11-19 17:42 --------- d-----w C:\Program Files\MSN Messenger 2007-11-19 17:41 --------- d-----w C:\Program Files\K-Lite Codec Pack 2007-11-19 17:41 --------- d-----w C:\Program Files\Java 2007-11-19 17:41 --------- d-----w C:\Program Files\ICOO Loader 2007-11-19 17:41 --------- d-----w C:\Program Files\HPQ 2007-11-19 17:41 --------- d-----w C:\Program Files\GameSpy Arcade 2007-11-19 17:40 --------- d-----w C:\Program Files\Common Files\aolshare 2007-11-19 17:40 --------- d-----w C:\Program Files\America Online 9.0i 2007-11-17 19:13 --------- d-----w C:\Program Files\Common Files\Motive 2007-11-15 22:05 --------- d-----w C:\Program Files\Advanced System Optimizer 2007-11-15 21:55 --------- d-----w C:\Program Files\Trend Micro 2007-11-13 22:35 --------- d-----w C:\Program Files\Hewlett-Packard 2007-11-10 18:52 --------- d-----w C:\Program Files\InterActual 2007-11-08 23:16 --------- d-----w C:\Program Files\coolpro2 2007-11-04 18:29 --------- d-----w C:\Program Files\Sonic 2007-10-25 07:25 --------- d-----w C:\Program Files\MSECache 2007-10-25 07:05 --------- d-----w C:\Program Files\Download Manager 2007-10-24 06:44 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\QQ Games Plugin 2007-10-22 22:54 --------- d-----w C:\Program Files\Microsoft IntelliType Pro 2007-10-20 22:35 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\muvee Technologies 2007-10-20 17:52 --------- d-----w C:\Program Files\Common Files\muvee Technologies 2007-10-20 00:11 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Nero 2007-10-20 00:03 --------- d-----w C:\Program Files\Common Files\Nero 2007-10-20 00:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Nero 2007-10-20 00:01 --------- d-----w C:\Program Files\Nero 2007-10-19 20:13 --------- d-----w C:\Program Files\AusLogics Disk Defrag 2007-10-19 19:47 --------- d-----w C:\Program Files\Common Files\Ahead 2007-10-19 17:47 --------- d-----w C:\Program Files\PConPoint 2007-10-19 17:07 --------- d-----w C:\Program Files\Easy Internet signup 2007-10-19 16:06 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL 2007-10-19 15:52 --------- d-----w C:\Program Files\IncrediMail 2007-10-19 15:23 --------- d-----w C:\Program Files\AOL Companion 2007-10-19 05:41 --------- d-----w C:\Program Files\Audacity 2007-10-19 05:36 --------- dc----w C:\Documents and Settings\All Users\Application Data\Intuit 2007-10-19 05:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-10-19 05:19 --------- d-----w C:\Program Files\BellSouth Application Management 2007-10-19 05:18 --------- d-----w C:\Program Files\AOL Computer Check-Up 2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0f 2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0e 2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0b 2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0 2007-10-19 04:49 --------- dc----w C:\Documents and Settings\All Users\Application Data\QuickTime 2007-10-19 04:40 --------- d-----w C:\Program Files\Learn2.com 2007-10-19 04:40 --------- d-----w C:\Program Files\HP 2007-10-19 04:35 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Symantec 2007-10-19 04:34 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Apple Computer 2007-10-19 04:33 1,716 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_PY208AV-ABA a1030e_YC_0Pavi_QMXG530_E53NAheBLU5_47_ISalmon_SASUSTek Computer INC._V1.04_B3.15_T051019_WXH2_L409_M896_J80_7AMD_8Sempron_91.81_#050913_N1039090 0_Z11C1048C_G10396330.MRK 2007-10-19 04:30 --------- d---a-w C:\Program Files\Common Files\LightScribe 2007-10-19 03:44 --------- d-----w C:\Program Files\Webshots 2007-10-19 03:27 8,413 ----a-w C:\WINDOWS\system32\drivers\mcstrm.sys 2007-10-19 02:54 --------- d-----w C:\Program Files\Rhapsody 2007-10-19 02:21 --------- d-----w C:\Program Files\Common Files\Scanner 2007-10-19 02:16 --------- dc----w C:\Documents and Settings\All Users\Application Data\Raxco 2007-10-19 02:16 --------- d-----w C:\Program Files\Raxco 2007-10-19 02:16 --------- d-----w C:\Program Files\Common Files\Authentium 2007-10-19 02:15 --------- dc----w C:\Documents and Settings\All Users\Application Data\AT&T 2007-10-19 02:15 --------- d-----w C:\Program Files\CA 2007-10-19 02:15 --------- d-----w C:\Program Files\AT&T 2007-10-19 02:13 --------- d-----w C:\Program Files\BellSouth 2007-10-19 02:10 132,675 ----a-w C:\Program Files\INSTALL.LOG 2007-10-19 02:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-10-19 00:17 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\BellSouth 2007-10-19 00:17 --------- dc----w C:\Documents and Settings\All Users\Application Data\BellSouth 2007-10-19 00:08 --------- d-----w C:\Program Files\Common Files\SupportSoft 2007-10-18 23:50 4 -c--a-w C:\WINDOWSRegDefrag.dat 2007-10-17 21:39 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\URSoft 2007-10-17 18:12 --------- d-----w C:\Program Files\DFX 2007-10-17 08:45 --------- dc----w C:\Documents and Settings\All Users\Application Data\Babylon 2007-10-17 08:43 --------- dc----w C:\Documents and Settings\All Users\Application Data\yahoo! 2007-10-17 08:42 --------- d-----w C:\Program Files\Common Files\Nullsoft 2007-10-17 08:41 --------- dc----w C:\Documents and Settings\All Users\Application Data\PlayFirst 2007-10-17 08:41 --------- d-----w C:\Program Files\Multimedia Transcoding Tool 2007-10-17 08:40 --------- d-----w C:\Program Files\AOL 9.0a 2007-10-17 08:37 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\AOL 2007-10-17 04:09 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2007-01-10 17:15 290,817 --sh--w C:\WINDOWS\Fonts\svchost.exe 2005-11-15 21:39 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02914A9D-75B0-48FA-9FF4-6593633F86B9}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14EF0ED5-350D-4D1E-BD83-912E8890233C}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17ADD453-B11F-48B9-9A91-FF61E0443962}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1DF88ED8-3757-4741-BD74-5380C9618EA9}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{554AE99C-B34F-4708-8B30-09FFEDBBFFC4}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68B23624-4DAA-4A6E-808A-AA0A766014FC}] 2007-08-02 08:43 282624 --a------ C:\Program Files\MSN Gaming Zone\niqy83122.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7398f3b7-2336-4a93-8f05-f9e77ef24dbc}] 2007-11-29 01:52 171520 --a------ C:\WINDOWS\system32\prowfvt.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7527f8af-4e27-40f5-a273-903aebd7ba40}] 2007-11-29 01:13 77888 --a--c--- C:\WINDOWS\system32\haecltty.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C6D3701-B4E2-4222-BA7B-A1148A7D043D}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E08ACE5-DA89-48D4-B3EE-F0D4F9564C5A}] 2007-08-02 08:43 282624 --a------ C:\Program Files\MSN Gaming Zone\niqy4444.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{984CC232-B0BD-427B-99B6-A68494725B53}] 2007-08-02 08:43 282624 --a------ C:\Program Files\MSN Gaming Zone\niqy83122.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}] 2007-11-29 01:17 144480 --a------ C:\WINDOWS\system32\pzvyotou.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC4E019E-26B4-45C5-ADEE-C26BD9BB2701}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}] 2007-11-14 02:21 37376 --a------ C:\WINDOWS\system32\nnnnkkk.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E29E966E-BA13-4EB5-B7E4-9045E6799DF2}] 2007-11-29 01:52 322144 --a------ C:\WINDOWS\system32\mljjh.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6763192-2D5B-4DAF-A49F-0592182BD33E}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E72C75C6-DD4F-47CA-9BED-E5265D6BB412}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6711FDD-6B25-4A67-B8C3-9B1BE96BC87A}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\pzvyotou.dll [2007-11-29 01:17 144480] [HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\pzvyotou.dll [2007-11-29 01:17 144480] [HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-10-09 11:02] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:00] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 17:11] "RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-10-18 22:05] "WebBuying"="C:\Program Files\Web Buying\v1.8.6\webbuying.exe" [2007-11-29 01:51] "Insider"="C:\Program Files\Insider\Insider.exe" [2007-11-29 01:55] "WinTouch"="C:\Documents and Settings\HP_Owner\Application Data\WinTouch\WinTouch.exe" [2007-11-29 02:00] "SfKg6w"="C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Windows\rayiou.exe" [2007-11-29 02:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiSPower"="Rundll32.exe" [2004-08-03 23:00 C:\WINDOWS\system32\rundll32.exe] "CTHelper"="CTHELPER.EXE" [2003-11-14 03:18 C:\WINDOWS\system32\CTHELPER.EXE] "CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 10:00] "ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 12:12] "AT&T Internet Security Suite"="C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe" [2007-06-28 15:09] "HostManager"="C:\Program Files\Common Files\AOL\1192809728\ee\AOLSoftware.exe" [2007-04-12 16:23] "Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-08-30 13:04] "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 18:14] "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 00:34] "Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-01-10 12:15] "HelpCenter4.1"="C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [2007-10-22 10:27] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-27 03:53] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-11-16 13:55] "0c9120a5"="C:\WINDOWS\system32\vpudnsyk.dll" [2007-11-29 01:22] "runner1"="C:\WINDOWS\mrofinu1188.exe" [2007-11-29 01:51] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-21 04:13 C:\WINDOWS\MIDIDEF.EXE] C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\ Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2005-09-15 22:44:01] [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}"= C:\WINDOWS\system32\nnnnkkk.dll [2007-11-14 02:21 37376] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnkkk] nnnnkkk.dll 2007-11-14 02:21 37376 C:\WINDOWS\system32\nnnnkkk.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pzvyotou] pzvyotou.dll 2007-11-29 01:17 144480 C:\WINDOWS\system32\pzvyotou.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\usysykju] usysykju.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\mljjh.dll path= backup= [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0c9120a5] rundll32.exe C:\WINDOWS\system32\gocqxgou.dll,b [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] 2004-04-07 11:07 496752 --a------ C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-05-08 15:24 54840 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] c:\progra~1\common~1\instal~1\update~1\issch.exe -start [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBInstall] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\MBDownloader_876923.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257 R3 PAC7311;VGA USB Camera;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e29e2fbc-b976-11d9-bac2-806d6172696f}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 *Newly Created Service* - CORE . Contents of the 'Scheduled Tasks' folder "2007-11-24 04:55:00 C:\WINDOWS\Tasks\Disk Cleanup.job" - C:\WINDOWS\system32\cleanmgr.exe "2007-11-26 13:57:00 C:\WINDOWS\Tasks\Find Duplicate Files.job" - C:\PROGRA~1\ADVANC~1\finddupe.exe "2007-11-28 22:15:06 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" - c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe "2007-05-23 02:40:25 C:\WINDOWS\Tasks\HubTask 1 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" - c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 1 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0 "2007-05-28 00:35:29 C:\WINDOWS\Tasks\HubTask 2 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" - c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 2 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0 "2007-11-29 06:48:23 C:\WINDOWS\Tasks\RegCure Program Check.job" - C:\Program Files\RegCure\RegCure.exe "2007-11-22 11:57:40 C:\WINDOWS\Tasks\RegCure.job" - C:\Program Files\RegCure\RegCure.exe "2007-11-29 07:02:01 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDetect.exe "2007-11-29 06:48:22 C:\WINDOWS\Tasks\XoftSpySE 2.job" - C:\Program Files\XoftSpySE\XoftSpy.exe "2007-11-27 08:01:31 C:\WINDOWS\Tasks\XoftSpySE.job" - C:\Program Files\XoftSpySE\XoftSpy.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-29 01:48:18 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\WINDOWS\system32\pac.txt 279600 bytes C:\WINDOWS\system32\prowfvt.dll 171520 bytes executable C:\WINDOWS\system32\hjjlm.ini 320 bytes C:\WINDOWS\system32\daSgo18 scan completed successfully hidden files: 4 ************************************************************************** . Completion time: 2007-11-29 2:04:17 - machine was rebooted C:\ComboFix2.txt ... 2007-11-27 23:38 C:\ComboFix3.txt ... 2007-11-15 19:47 . --- E O F --- |
|
|
|
|
Nov 29 2007, 11:49 AM
Post
#5
|
|
|
Member Group: Members Posts: 41 Joined: 15-November 07 From: key west Member No.: 169,947 |
well I forgot to unplug the internet,so the last one did nothing, and I think it's popping up again. I have unabled IE and working on firefox. Here's the latest
ComboFix 07-11-19.4 - HP_Owner 2007-11-29 4:20:52.16 - NTFSx86 Running from: C:\Documents and Settings\HP_Owner\My Documents\My Videos\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk C:\Documents and Settings\HP_Owner\Desktop\Live Safety Center.lnk C:\Documents and Settings\HP_Owner\Desktop\Online Security Guide.lnk C:\Documents and Settings\HP_Owner\Favorites\Online Security Guide.lnk C:\WINDOWS\system32\pzvyotou.dllbox . ((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 ))))))))))))))))))))))))))))))) . 2007-11-29 01:51 <DIR> d-------- C:\WINDOWS\system32\mm6 2007-11-29 01:51 <DIR> d-------- C:\WINDOWS\system32\hv2 2007-11-29 01:51 <DIR> d-------- C:\WINDOWS\system32\ft21 2007-11-29 01:51 <DIR> d-------- C:\WINDOWS\system32\dr1 2007-11-29 01:51 <DIR> d-------- C:\WINDOWS\system32\daSgo18 2007-11-29 01:51 <DIR> d-------- C:\temp\bkR11 2007-11-29 01:51 37,376 --a------ C:\WINDOWS\system32\byxwwts.dll 2007-11-29 01:22 1,407,109 ---hs---- C:\WINDOWS\system32\kysndupv.ini 2007-11-29 01:22 85,056 --a--c--- C:\WINDOWS\system32\vpudnsyk.dll 2007-11-29 01:17 144,480 --------- C:\WINDOWS\system32\pzvyotou.dll_old 2007-11-29 01:17 144,480 --ah----- C:\WINDOWS\system32\pzvyotou.dll 2007-11-29 01:16 144,480 --a--c--- C:\WINDOWS\system32\xkiuhcwh.dll 2007-11-29 01:13 77,888 --a--c--- C:\WINDOWS\system32\haecltty.dll 2007-11-27 23:26 36,864 --a------ C:\WINDOWS\system32\gebxutu.dll 2007-11-27 19:58 789,288 --ahs---- C:\WINDOWS\system32\rpddfylh.ini 2007-11-27 18:55 294 --ahs---- C:\WINDOWS\system32\lekemoub.ini 2007-11-27 12:06 78,912 --a--c--- C:\WINDOWS\system32\hggwfuxq.dll 2007-11-27 12:03 85,056 --a--c--- C:\WINDOWS\system32\lqhqyjwt.dll 2007-11-27 12:03 526 --ahs---- C:\WINDOWS\system32\twjyqhql.ini 2007-11-27 04:09 78,912 --a--c--- C:\WINDOWS\system32\ucvacjes.dll 2007-11-27 04:09 354 --ahs---- C:\WINDOWS\system32\raopqtos.ini 2007-11-27 04:08 36,864 --a------ C:\WINDOWS\system32\nnnkkjh.dll 2007-11-27 03:57 <DIR> d-------- C:\Program Files\Common Files\xing shared 2007-11-27 03:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{FAE72283-E912-4CA0-A263-E07183A4AF20} 2007-11-27 03:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{EF257B1A-26EA-4A90-9BCC-54CA818488E8} 2007-11-27 03:01 36 --ah----- C:\WINDOWS\system32\f9t.dat 2007-11-27 01:51 <DIR> d-------- C:\Program Files\iTunes 2007-11-26 20:40 80,960 --a--c--- C:\WINDOWS\system32\lyrgompo.dll 2007-11-26 20:37 85,056 --a--c--- C:\WINDOWS\system32\gocqxgou.dll 2007-11-26 20:37 534 --ahs---- C:\WINDOWS\system32\uogxqcog.ini 2007-11-26 20:09 80,960 --a--c--- C:\WINDOWS\system32\tktcfhak.dll 2007-11-26 20:09 474 --ahs---- C:\WINDOWS\system32\lqhtxddv.ini 2007-11-26 03:49 354 --ahs---- C:\WINDOWS\system32\pnevawfw.ini 2007-11-26 03:45 80,960 --a--c--- C:\WINDOWS\system32\qmckutyp.dll 2007-11-25 14:36 79,936 --a--c--- C:\WINDOWS\system32\rnghanvc.dll 2007-11-25 14:33 85,056 --a--c--- C:\WINDOWS\system32\mgigrpgh.dll 2007-11-25 14:33 294 --ahs---- C:\WINDOWS\system32\hgprgigm.ini 2007-11-25 13:35 79,936 --a--c--- C:\WINDOWS\system32\ynsnofiw.dll 2007-11-25 13:29 85,056 --a--c--- C:\WINDOWS\system32\hdisunts.dll 2007-11-25 13:29 414 --ahs---- C:\WINDOWS\system32\stnusidh.ini 2007-11-25 01:57 79,936 --a--c--- C:\WINDOWS\system32\okgnmwqk.dll 2007-11-25 01:52 354 --ahs---- C:\WINDOWS\system32\dcmwijdi.ini 2007-11-24 15:01 85,056 --a--c--- C:\WINDOWS\system32\txhsordg.dll 2007-11-24 15:01 294 --ahs---- C:\WINDOWS\system32\gdroshxt.ini 2007-11-24 14:58 81,472 --a--c--- C:\WINDOWS\system32\ddxfxlrq.dll 2007-11-23 12:17 83,520 --a--c--- C:\WINDOWS\system32\squneltu.dll 2007-11-23 12:11 85,056 --a--c--- C:\WINDOWS\system32\myvborev.dll 2007-11-23 12:11 294 --ahs---- C:\WINDOWS\system32\verobvym.ini 2007-11-23 02:50 <DIR> d-------- C:\Program Files\Microsoft Games 2007-11-23 02:50 83,520 --a--c--- C:\WINDOWS\system32\pesuexct.dll 2007-11-23 02:44 85,056 --a--c--- C:\WINDOWS\system32\wbgpqwru.dll 2007-11-23 02:44 294 --ahs---- C:\WINDOWS\system32\urwqpgbw.ini 2007-11-23 01:32 83,520 --a--c--- C:\WINDOWS\system32\lofpawas.dll 2007-11-23 01:29 85,056 --a--c--- C:\WINDOWS\system32\gawvyhes.dll 2007-11-23 01:29 294 --ahs---- C:\WINDOWS\system32\sehyvwag.ini 2007-11-23 01:00 83,520 --a--c--- C:\WINDOWS\system32\jwycvwpy.dll 2007-11-23 00:54 85,056 --a--c--- C:\WINDOWS\system32\xlhqqrlv.dll 2007-11-23 00:54 294 --ahs---- C:\WINDOWS\system32\vlrqqhlx.ini 2007-11-22 23:51 79,936 --a--c--- C:\WINDOWS\system32\rppbtokh.dll 2007-11-22 23:48 714,650 --ahs---- C:\WINDOWS\system32\ofspjqii.ini 2007-11-22 23:48 85,056 --a--c--- C:\WINDOWS\system32\iiqjpsfo.dll 2007-11-21 19:41 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\iWin 2007-11-21 16:42 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\SampleView 2007-11-21 16:30 <DIR> d-------- C:\Program Files\LimeWire 2007-11-21 15:20 917,504 --a------ C:\WINDOWS\system32\FLASH.OCX 2007-11-21 15:02 80,960 --a--c--- C:\WINDOWS\system32\bivsylaf.dll 2007-11-21 14:59 714,590 --ahs---- C:\WINDOWS\system32\ytxcdfwy.ini 2007-11-21 12:58 80,960 --a--c--- C:\WINDOWS\system32\rssruhne.dll 2007-11-21 12:52 714,461 --ahs---- C:\WINDOWS\system32\jqgrnofu.ini 2007-11-21 12:51 <DIR> d-------- C:\WINDOWS\system32\rMa05yy 2007-11-21 12:51 <DIR> d-------- C:\temp\abW9 2007-11-20 12:17 714,341 --ahs---- C:\WINDOWS\system32\jyahqbll.ini 2007-11-20 12:11 84,544 --a--c--- C:\WINDOWS\system32\fhuuiwdv.dll 2007-11-19 16:44 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\ArcSoft 2007-11-19 16:42 230,432 --a--c--- C:\PA7311.DAT 2007-11-19 16:39 <DIR> d-------- C:\Program Files\VGA USB Camera 2007-11-19 16:39 6,656 --a------ C:\WINDOWS\system32\CoInst.dll 2007-11-19 16:39 518 --a------ C:\WINDOWS\system32\SP7311.INI 2007-11-19 15:40 53,248 --a------ C:\WINDOWS\system32\PAStiSvc.exe 2007-11-19 15:39 <DIR> d-------- C:\WINDOWS\PixArt 2007-11-19 15:11 <DIR> d-------- C:\Program Files\Common Files\ArcSoft 2007-11-19 15:11 <DIR> d-------- C:\Program Files\ArcSoft 2007-11-19 15:11 258,352 --a------ C:\WINDOWS\system32\unicows.dll 2007-11-19 15:11 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL 2007-11-19 15:11 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys 2007-11-19 12:18 685,712 --ahs---- C:\WINDOWS\system32\xjbmwhgg.ini 2007-11-19 12:18 85,056 --a--c--- C:\WINDOWS\system32\gghwmbjx.dll 2007-11-19 12:15 83,008 --a--c--- C:\WINDOWS\system32\redpfdtq.dll 2007-11-18 12:14 79,424 --a--c--- C:\WINDOWS\system32\dvodghbp.dll 2007-11-18 12:11 677,929 --ahs---- C:\WINDOWS\system32\nihodhut.ini 2007-11-18 12:11 85,056 --a--c--- C:\WINDOWS\system32\tuhdohin.dll 2007-11-17 12:16 677,938 --ahs---- C:\WINDOWS\system32\uvylqdox.ini 2007-11-17 12:16 85,056 --a--c--- C:\WINDOWS\system32\xodqlyvu.dll 2007-11-17 12:10 82,496 --a--c--- C:\WINDOWS\system32\xtjgbnjy.dll 2007-11-17 02:17 40,960 --a--c--- C:\Documents and Settings\HP_Owner\f.exe 2007-11-17 02:17 36,352 --a------ C:\WINDOWS\system32\rqrrspq.dll 2007-11-17 02:17 13,902 --a--c--- C:\Documents and Settings\HP_Owner\z.dat 2007-11-17 02:17 1,249 --a--c--- C:\Documents and Settings\HP_Owner\x.dat 2007-11-17 02:17 260 --a--c--- C:\6463.bat 2007-11-16 12:15 81,984 --a--c--- C:\WINDOWS\system32\pfuofenr.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-29 07:11 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-27 09:38 --------- d-----w C:\Program Files\Real 2007-11-27 08:56 --------- d-----w C:\Program Files\Common Files\Real 2007-11-27 08:03 --------- d-----w C:\Program Files\Stamps.com Internet Postage 2007-11-27 07:51 --------- dc----w C:\Documents and Settings\All Users\Application Data\{75EE35BC-E993-41FD-9DBA-9AD37F50E521} 2007-11-27 01:05 9,356 -c--a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat 2007-11-26 08:14 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\IGN_DLM 2007-11-23 05:51 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-11-21 17:49 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\AT&T 2007-11-21 08:40 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\My Battle for Middle-earth Files 2007-11-21 08:40 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Move Networks 2007-11-21 08:40 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Audacity 2007-11-21 08:40 --------- d--h--r C:\Documents and Settings\HP_Owner\Application Data\yahoo! 2007-11-21 08:40 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Viewpoint 2007-11-21 06:59 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-20 07:21 --------- d-----w C:\Program Files\Common Files\AOL 2007-11-20 07:20 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL Downloads 2007-11-19 22:23 --------- d-----w C:\Program Files\Common Files\Logitech 2007-11-19 18:44 --------- d-----w C:\Program Files\Google 2007-11-19 18:32 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-11-19 17:42 --------- d-----w C:\Program Files\Yahoo! 2007-11-19 17:42 --------- d-----w C:\Program Files\QuickTime 2007-11-19 17:42 --------- d-----w C:\Program Files\Online Backup 2007-11-19 17:42 --------- d-----w C:\Program Files\MSN Toolbar Suite 2007-11-19 17:42 --------- d-----w C:\Program Files\MSN Messenger 2007-11-19 17:41 --------- d-----w C:\Program Files\K-Lite Codec Pack 2007-11-19 17:41 --------- d-----w C:\Program Files\Java 2007-11-19 17:41 --------- d-----w C:\Program Files\ICOO Loader 2007-11-19 17:41 --------- d-----w C:\Program Files\HPQ 2007-11-19 17:41 --------- d-----w C:\Program Files\GameSpy Arcade 2007-11-19 17:40 --------- d-----w C:\Program Files\Common Files\aolshare 2007-11-19 17:40 --------- d-----w C:\Program Files\America Online 9.0i 2007-11-17 19:13 --------- d-----w C:\Program Files\Common Files\Motive 2007-11-15 22:05 --------- d-----w C:\Program Files\Advanced System Optimizer 2007-11-15 21:55 --------- d-----w C:\Program Files\Trend Micro 2007-11-13 22:35 --------- d-----w C:\Program Files\Hewlett-Packard 2007-11-10 18:52 --------- d-----w C:\Program Files\InterActual 2007-11-08 23:16 --------- d-----w C:\Program Files\coolpro2 2007-11-04 18:29 --------- d-----w C:\Program Files\Sonic 2007-10-25 07:25 --------- d-----w C:\Program Files\MSECache 2007-10-25 07:05 --------- d-----w C:\Program Files\Download Manager 2007-10-24 06:44 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\QQ Games Plugin 2007-10-22 22:54 --------- d-----w C:\Program Files\Microsoft IntelliType Pro 2007-10-20 22:35 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\muvee Technologies 2007-10-20 17:52 --------- d-----w C:\Program Files\Common Files\muvee Technologies 2007-10-20 00:11 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Nero 2007-10-20 00:03 --------- d-----w C:\Program Files\Common Files\Nero 2007-10-20 00:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Nero 2007-10-20 00:01 --------- d-----w C:\Program Files\Nero 2007-10-19 20:13 --------- d-----w C:\Program Files\AusLogics Disk Defrag 2007-10-19 19:47 --------- d-----w C:\Program Files\Common Files\Ahead 2007-10-19 17:47 --------- d-----w C:\Program Files\PConPoint 2007-10-19 17:07 --------- d-----w C:\Program Files\Easy Internet signup 2007-10-19 16:06 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL 2007-10-19 15:52 --------- d-----w C:\Program Files\IncrediMail 2007-10-19 15:23 --------- d-----w C:\Program Files\AOL Companion 2007-10-19 05:41 --------- d-----w C:\Program Files\Audacity 2007-10-19 05:36 --------- dc----w C:\Documents and Settings\All Users\Application Data\Intuit 2007-10-19 05:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-10-19 05:19 --------- d-----w C:\Program Files\BellSouth Application Management 2007-10-19 05:18 --------- d-----w C:\Program Files\AOL Computer Check-Up 2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0f 2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0e 2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0b 2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0 2007-10-19 04:49 --------- dc----w C:\Documents and Settings\All Users\Application Data\QuickTime 2007-10-19 04:40 --------- d-----w C:\Program Files\Learn2.com 2007-10-19 04:40 --------- d-----w C:\Program Files\HP 2007-10-19 04:35 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Symantec 2007-10-19 04:34 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Apple Computer 2007-10-19 04:33 1,716 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_PY208AV-ABA a1030e_YC_0Pavi_QMXG530_E53NAheBLU5_47_ISalmon_SASUSTek Computer INC._V1.04_B3.15_T051019_WXH2_L409_M896_J80_7AMD_8Sempron_91.81_#050913_N1039090 0_Z11C1048C_G10396330.MRK 2007-10-19 04:30 --------- d---a-w C:\Program Files\Common Files\LightScribe 2007-10-19 03:44 --------- d-----w C:\Program Files\Webshots 2007-10-19 03:27 8,413 ----a-w C:\WINDOWS\system32\drivers\mcstrm.sys 2007-10-19 02:54 --------- d-----w C:\Program Files\Rhapsody 2007-10-19 02:21 --------- d-----w C:\Program Files\Common Files\Scanner 2007-10-19 02:16 --------- dc----w C:\Documents and Settings\All Users\Application Data\Raxco 2007-10-19 02:16 --------- d-----w C:\Program Files\Raxco 2007-10-19 02:16 --------- d-----w C:\Program Files\Common Files\Authentium 2007-10-19 02:15 --------- dc----w C:\Documents and Settings\All Users\Application Data\AT&T 2007-10-19 02:15 --------- d-----w C:\Program Files\CA 2007-10-19 02:15 --------- d-----w C:\Program Files\AT&T 2007-10-19 02:13 --------- d-----w C:\Program Files\BellSouth 2007-10-19 02:10 132,675 ----a-w C:\Program Files\INSTALL.LOG 2007-10-19 02:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-10-19 00:17 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\BellSouth 2007-10-19 00:17 --------- dc----w C:\Documents and Settings\All Users\Application Data\BellSouth 2007-10-19 00:08 --------- d-----w C:\Program Files\Common Files\SupportSoft 2007-10-18 23:50 4 -c--a-w C:\WINDOWSRegDefrag.dat 2007-10-17 21:39 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\URSoft 2007-10-17 18:12 --------- d-----w C:\Program Files\DFX 2007-10-17 08:45 --------- dc----w C:\Documents and Settings\All Users\Application Data\Babylon 2007-10-17 08:43 --------- dc----w C:\Documents and Settings\All Users\Application Data\yahoo! 2007-10-17 08:42 --------- d-----w C:\Program Files\Common Files\Nullsoft 2007-10-17 08:41 --------- dc----w C:\Documents and Settings\All Users\Application Data\PlayFirst 2007-10-17 08:41 --------- d-----w C:\Program Files\Multimedia Transcoding Tool 2007-10-17 08:40 --------- d-----w C:\Program Files\AOL 9.0a 2007-10-17 08:37 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\AOL 2007-10-17 04:09 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2007-10-12 04:03 --------- dc----w C:\Documents and Settings\All Users\Application Data\HipSoft 2007-01-10 17:15 290,817 --sh--w C:\WINDOWS\Fonts\svchost.exe 2005-11-15 21:39 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02914A9D-75B0-48FA-9FF4-6593633F86B9}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14EF0ED5-350D-4D1E-BD83-912E8890233C}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17ADD453-B11F-48B9-9A91-FF61E0443962}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1DF88ED8-3757-4741-BD74-5380C9618EA9}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{554AE99C-B34F-4708-8B30-09FFEDBBFFC4}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68B23624-4DAA-4A6E-808A-AA0A766014FC}] C:\Program Files\MSN Gaming Zone\niqy83122.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7527f8af-4e27-40f5-a273-903aebd7ba40}] 2007-11-29 01:13 77888 --a--c--- C:\WINDOWS\system32\haecltty.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C6D3701-B4E2-4222-BA7B-A1148A7D043D}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E08ACE5-DA89-48D4-B3EE-F0D4F9564C5A}] C:\Program Files\MSN Gaming Zone\niqy4444.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{984CC232-B0BD-427B-99B6-A68494725B53}] C:\Program Files\MSN Gaming Zone\niqy83122.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}] 2007-11-29 04:14 144480 --ah----- C:\WINDOWS\system32\pzvyotou.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC4E019E-26B4-45C5-ADEE-C26BD9BB2701}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}] 2007-11-14 02:21 37376 --a------ C:\WINDOWS\system32\nnnnkkk.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E29E966E-BA13-4EB5-B7E4-9045E6799DF2}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6763192-2D5B-4DAF-A49F-0592182BD33E}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E72C75C6-DD4F-47CA-9BED-E5265D6BB412}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6711FDD-6B25-4A67-B8C3-9B1BE96BC87A}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\pzvyotou.dll [2007-11-29 04:14 144480] [HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\pzvyotou.dll [2007-11-29 04:14 144480] [HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-10-09 11:02] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:00] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 17:11] "RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-10-18 22:05] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46] "Srro"="C:\DOCUME~1\HP_Owner\MYDOCU~1\MCROSO~1.NET\wucrtupd.exe" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "SpybotDeletingB1320"="command /c del C:\WINDOWS\system32\pzvyotou.dll_old" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiSPower"="Rundll32.exe" [2004-08-03 23:00 C:\WINDOWS\system32\rundll32.exe] "CTHelper"="CTHELPER.EXE" [2003-11-14 03:18 C:\WINDOWS\system32\CTHELPER.EXE] "CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 10:00] "ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 12:12] "AT&T Internet Security Suite"="C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe" [2007-06-28 15:09] "HostManager"="C:\Program Files\Common Files\AOL\1192809728\ee\AOLSoftware.exe" [2007-04-12 16:23] "Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-08-30 13:04] "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 18:14] "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 00:34] "Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-01-10 12:15] "HelpCenter4.1"="C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [2007-10-22 10:27] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-27 03:53] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-11-16 13:55] "0c9120a5"="C:\WINDOWS\system32\vpudnsyk.dll" [2007-11-29 01:22] "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [] "combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-03 23:00] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Spybot - Search & Destroy"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2007-08-31 16:46] "SpybotDeletingA5729"="command /c del C:\WINDOWS\system32\pzvyotou.dll_old" [] "SpybotDeletingC3972"="cmd /c del C:\WINDOWS\system32\pzvyotou.dll_old" [] "combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-03 23:00] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-21 04:13 C:\WINDOWS\MIDIDEF.EXE] C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\ Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2005-09-15 22:44:01] [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}"= C:\WINDOWS\system32\nnnnkkk.dll [2007-11-14 02:21 37376] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnkkk] nnnnkkk.dll 2007-11-14 02:21 37376 C:\WINDOWS\system32\nnnnkkk.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pzvyotou] pzvyotou.dll 2007-11-29 04:14 144480 C:\WINDOWS\system32\pzvyotou.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\usysykju] usysykju.dll path= backup= [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0c9120a5] rundll32.exe C:\WINDOWS\system32\gocqxgou.dll,b [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] 2004-04-07 11:07 496752 --a------ C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-05-08 15:24 54840 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] c:\progra~1\common~1\instal~1\update~1\issch.exe -start [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBInstall] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1] R3 PAC7311;VGA USB Camera;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e29e2fbc-b976-11d9-bac2-806d6172696f}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 . Contents of the 'Scheduled Tasks' folder "2007-11-24 04:55:00 C:\WINDOWS\Tasks\Disk Cleanup.job" - C:\WINDOWS\system32\cleanmgr.exe "2007-11-29 13:57:00 C:\WINDOWS\Tasks\Find Duplicate Files.job" - C:\PROGRA~1\ADVANC~1\finddupe.exe "2007-11-28 22:15:06 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" - c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0 "2007-05-23 02:40:25 C:\WINDOWS\Tasks\HubTask 1 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" - c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 1 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0 "2007-05-28 00:35:29 C:\WINDOWS\Tasks\HubTask 2 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" - c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 2 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0 "2007-11-29 14:28:58 C:\WINDOWS\Tasks\RegCure Program Check.job" - C:\Program Files\RegCure\RegCure.exe "2007-11-29 08:00:44 C:\WINDOWS\Tasks\RegCure.job" - C:\Program Files\RegCure\RegCure.exe "2007-11-29 14:42:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDetect.exe "2007-11-29 14:28:58 C:\WINDOWS\Tasks\XoftSpySE 2.job" - C:\Program Files\XoftSpySE\XoftSpy.exe "2007-11-27 08:01:31 C:\WINDOWS\Tasks\XoftSpySE.job" - C:\Program Files\XoftSpySE\XoftSpy.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-29 09:28:21 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-29 9:42:26 - machine was rebooted C:\ComboFix2.txt ... 2007-11-29 03:22 C:\ComboFix3.txt ... 2007-11-29 02:04 . --- E O F --- |
|
|
|
|
Nov 30 2007, 05:02 PM
Post
#6
|
|
|
The BSG Malware Fighter Group: HJT Team Coach Posts: 6,643 Joined: 20-April 06 From: Hamburg Member No.: 64,788 |
Hey rvbeaumont,
while it is noble that you are trying to help and are probably a bit frustrated by your infected pc, please only run the tools we ask you to. In this case there was only a request for a HijackThis log, not a ComboFix log! Please note that you are infected with a trojan (horse) or a Backdoor / Backdoor Server. Due to the status of some of the files you have on your computer, I strongly recommend that you do the following immediately:
Please read these for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? When Should I Format, How Should I Reinstall? However, since the infection looks relatively small from first sight, I am happy to try and clean your PC (I am just providing you with the above information to underline the impact that can occur with files like these on your pc). Should you have any questions, please feel free to ask. Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page. Step #1
It is vital that you uninstall ComboFix as described below and download a fresh copy, as there have been some updates to the tool!
Please download ComboFix from here. Do not run it yet! Step #4 Download SDFix and save it to your Desktop. Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix) Open the extracted SDFix folder and double click RunThis.bat to start the script. Step #5 Please follow step 9 from this guide: "Preparation Guide For Use Before Posting A Hijackthis Log." Step #6 Please post back with the log from ComboFix, the SDFix log, and a fresh HijackThis log. -------------------- I will be scarce from mid July til end of October and from December til May. If you need to contact me or I havent replied to a topic of yours, please send a pm - "How did I get infected?" - "Safe-hex" - Member of UNITE - |
|
|
|
|
Nov 30 2007, 06:07 PM
Post
#7
|
|
|
Member Group: Members Posts: 41 Joined: 15-November 07 From: key west Member No.: 169,947 |
sent now on stage 2
ComboFix 07-11-19.4 - HP_Owner 2007-11-30 17:38:29.17 - NTFSx86 Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt * Created a new restore point FILE C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat C:\WINDOWS\system32\ahjllxju.exe C:\WINDOWS\system32\amlmghtc.exe C:\WINDOWS\system32\astbfaoq.exe C:\WINDOWS\system32\bivsylaf.dll C:\WINDOWS\system32\datqxpxm.exe C:\WINDOWS\system32\dcmwijdi.ini C:\WINDOWS\system32\ddxfxlrq.dll C:\WINDOWS\system32\dvodghbp.dll C:\WINDOWS\system32\ennqbiwg.exe C:\WINDOWS\system32\fhuuiwdv.dll C:\WINDOWS\system32\fvlxugyf.exe C:\WINDOWS\system32\gawvyhes.dll C:\WINDOWS\system32\gdroshxt.ini C:\WINDOWS\system32\gebxutu.dll C:\WINDOWS\system32\gghwmbjx.dll C:\WINDOWS\system32\gjkqifcb.exe C:\WINDOWS\system32\gnbomdsc.exe C:\WINDOWS\system32\gocqxgou.dll C:\WINDOWS\system32\haecltty.dll C:\WINDOWS\system32\hdisunts.dll C:\WINDOWS\system32\hggwfuxq.dll C:\WINDOWS\system32\hgnccvss.exe C:\WINDOWS\system32\hgprgigm.ini C:\WINDOWS\system32\hoebwqke.exe C:\WINDOWS\system32\iipiulaw.exe C:\WINDOWS\system32\iiqjpsfo.dll C:\WINDOWS\system32\ikersexg.exe C:\WINDOWS\system32\jqgrnofu.ini C:\WINDOWS\system32\jusuqald.exe C:\WINDOWS\system32\jwycvwpy.dll C:\WINDOWS\system32\jyahqbll.ini C:\WINDOWS\system32\kysndupv.ini C:\WINDOWS\system32\lekemoub.ini C:\WINDOWS\system32\lofpawas.dll C:\WINDOWS\system32\lqhqyjwt.dll C:\WINDOWS\system32\lqhtxddv.ini C:\WINDOWS\system32\lyrgompo.dll C:\WINDOWS\system32\mcxotbcu.exe C:\WINDOWS\system32\mgigrpgh.dll C:\WINDOWS\system32\mljjh.dll C:\WINDOWS\system32\myvborev.dll C:\WINDOWS\system32\ndkttktx.exe C:\WINDOWS\system32\nihodhut.ini C:\WINDOWS\system32\niyldnmh.exe C:\WINDOWS\system32\nnnkkjh.dll C:\WINDOWS\system32\nnnnkkk.dll C:\WINDOWS\system32\ofspjqii.ini C:\WINDOWS\system32\okgnmwqk.dll C:\WINDOWS\system32\pesuexct.dll C:\WINDOWS\system32\pkjrdxeq.exe C:\WINDOWS\system32\pnevawfw.ini C:\WINDOWS\system32\prowfvt.dll C:\WINDOWS\system32\pzvyotou.dll C:\WINDOWS\system32\pzvyotou.dllbox C:\WINDOWS\system32\qccvxgpq.exe C:\WINDOWS\system32\qmckutyp.dll C:\WINDOWS\system32\raopqtos.ini C:\WINDOWS\system32\redpfdtq.dll C:\WINDOWS\system32\rnghanvc.dll C:\WINDOWS\system32\rpddfylh.ini C:\WINDOWS\system32\rppbtokh.dll C:\WINDOWS\system32\rssruhne.dll C:\WINDOWS\system32\sehyvwag.ini C:\WINDOWS\system32\squneltu.dll C:\WINDOWS\system32\stnusidh.ini C:\WINDOWS\system32\tktcfhak.dll C:\WINDOWS\system32\tuhdohin.dll C:\WINDOWS\system32\twjyqhql.ini C:\WINDOWS\system32\txhsordg.dll C:\WINDOWS\system32\ucvacjes.dll C:\WINDOWS\system32\uogxqcog.ini C:\WINDOWS\system32\vpudnsyk.dll C:\WINDOWS\system32\xjbmwhgg.ini C:\WINDOWS\system32\xkiuhcwh.dll C:\WINDOWS\system32\xlhqqrlv.dll C:\WINDOWS\system32\xodqlyvu.dll C:\WINDOWS\system32\ynsnofiw.dll C:\WINDOWS\system32\yskbmyoy.exe C:\WINDOWS\system32\ytwrvmwl.exe C:\WINDOWS\system32\ytxcdfwy.ini . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\6463.bat C:\check_LSA7.txt C:\Documents and Settings\HP_Owner\Application Data\Microsoft\Windows\rayiou.exe C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat C:\Documents and Settings\HP_Owner\f.exe C:\Documents and Settings\HP_Owner\x.dat C:\Documents and Settings\HP_Owner\z.dat C:\WINDOWS\cookies.ini C:\WINDOWS\Fonts\svchost.exe C:\WINDOWS\system32\bivsylaf.dll C:\WINDOWS\system32\byxwwts.dll C:\WINDOWS\system32\dcmwijdi.ini C:\WINDOWS\system32\ddxfxlrq.dll C:\WINDOWS\system32\dvodghbp.dll C:\WINDOWS\system32\f9t.dat C:\WINDOWS\system32\fhuuiwdv.dll C:\WINDOWS\system32\gawvyhes.dll C:\WINDOWS\system32\gdroshxt.ini C:\WINDOWS\system32\gebxutu.dll C:\WINDOWS\system32\gghwmbjx.dll C:\WINDOWS\system32\gocqxgou.dll C:\WINDOWS\system32\haecltty.dll C:\WINDOWS\system32\hdisunts.dll C:\WINDOWS\system32\hggwfuxq.dll C:\WINDOWS\system32\hgprgigm.ini C:\WINDOWS\system32\iiqjpsfo.dll C:\WINDOWS\system32\jqgrnofu.ini C:\WINDOWS\system32\jwycvwpy.dll C:\WINDOWS\system32\jyahqbll.ini C:\WINDOWS\system32\kysndupv.ini C:\WINDOWS\system32\lekemoub.ini C:\WINDOWS\system32\lofpawas.dll C:\WINDOWS\system32\lqhqyjwt.dll C:\WINDOWS\system32\lqhtxddv.ini C:\WINDOWS\system32\lyrgompo.dll C:\WINDOWS\system32\mgigrpgh.dll C:\WINDOWS\system32\myvborev.dll C:\WINDOWS\system32\nihodhut.ini C:\WINDOWS\system32\nnnkkjh.dll C:\WINDOWS\system32\nnnnkkk.dll C:\WINDOWS\system32\ofspjqii.ini C:\WINDOWS\system32\okgnmwqk.dll C:\WINDOWS\system32\pesuexct.dll C:\WINDOWS\system32\pfuofenr.dll C:\WINDOWS\system32\pnevawfw.ini C:\WINDOWS\system32\pqstv.bak2 C:\WINDOWS\system32\pqstv.ini C:\WINDOWS\system32\qmckutyp.dll C:\WINDOWS\system32\raopqtos.ini C:\WINDOWS\system32\redpfdtq.dll C:\WINDOWS\system32\rMa05yy C:\WINDOWS\system32\rMa05yy\rMa05yy1080.exe C:\WINDOWS\system32\rnghanvc.dll C:\WINDOWS\system32\rpddfylh.ini C:\WINDOWS\system32\rppbtokh.dll C:\WINDOWS\system32\rqrrspq.dll C:\WINDOWS\system32\rssruhne.dll C:\WINDOWS\system32\sehyvwag.ini C:\WINDOWS\system32\squneltu.dll C:\WINDOWS\system32\stnusidh.ini C:\WINDOWS\system32\tktcfhak.dll C:\WINDOWS\system32\tuhdohin.dll C:\WINDOWS\system32\twjyqhql.ini C:\WINDOWS\system32\txhsordg.dll C:\WINDOWS\system32\ucvacjes.dll C:\WINDOWS\system32\uogxqcog.ini C:\WINDOWS\system32\urwqpgbw.ini C:\WINDOWS\system32\uvylqdox.ini C:\WINDOWS\system32\verobvym.ini C:\WINDOWS\system32\vlrqqhlx.ini C:\WINDOWS\system32\vpudnsyk.dll C:\WINDOWS\system32\vtsqp.dll C:\WINDOWS\system32\wbgpqwru.dll C:\WINDOWS\system32\xjbmwhgg.ini C:\WINDOWS\system32\xkiuhcwh.dll C:\WINDOWS\system32\xlhqqrlv.dll C:\WINDOWS\system32\xodqlyvu.dll C:\WINDOWS\system32\xtjgbnjy.dll C:\WINDOWS\system32\ynsnofiw.dll C:\WINDOWS\system32\ytxcdfwy.ini . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE -------\DomainService ((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-30 ))))))))))))))))))))))))))))))) . 2007-11-30 13:06 2,557,396 --ahs---- C:\WINDOWS\system32\bjqxhqrp.ini 2007-11-30 13:06 85,056 --a--c--- C:\WINDOWS\system32\prqhxqjb.dll 2007-11-30 13:03 78,912 --a--c--- C:\WINDOWS\system32\alwqoyxj.dll 2007-11-29 13:05 77,888 --a--c--- C:\WINDOWS\system32\wroeviwd.dll 2007-11-29 13:01 789,719 --ahs---- C:\WINDOWS\system32\lcaiwpby.ini 2007-11-29 13:01 85,056 --a--c--- C:\WINDOWS\system32\ybpwiacl.dll 2007-11-29 01:51 <DIR> d-------- C:\WINDOWS\system32\mm6 2007-11-29 01:51 <DIR> d-------- C:\WINDOWS\system32\hv2 2007-11-29 01:51 <DIR> d-------- C:\WINDOWS\system32\ft21 2007-11-29 01:51 <DIR> d-------- C:\WINDOWS\system32\dr1 2007-11-29 01:51 <DIR> d-------- C:\WINDOWS\system32\daSgo18 2007-11-29 01:51 <DIR> d-------- C:\temp\bkR11 2007-11-27 03:57 <DIR> d-------- C:\Program Files\Common Files\xing shared 2007-11-27 03:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{FAE72283-E912-4CA0-A263-E07183A4AF20} 2007-11-27 03:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{EF257B1A-26EA-4A90-9BCC-54CA818488E8} 2007-11-27 01:51 <DIR> d-------- C:\Program Files\iTunes 2007-11-23 02:50 <DIR> d-------- C:\Program Files\Microsoft Games 2007-11-21 19:41 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\iWin 2007-11-21 16:42 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\SampleView 2007-11-21 16:30 <DIR> d-------- C:\Program Files\LimeWire 2007-11-21 15:20 917,504 --a------ C:\WINDOWS\system32\FLASH.OCX 2007-11-21 12:51 <DIR> d-------- C:\temp\abW9 2007-11-19 16:44 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\ArcSoft 2007-11-19 16:42 230,432 --a--c--- C:\PA7311.DAT 2007-11-19 16:39 <DIR> d-------- C:\Program Files\VGA USB Camera 2007-11-19 16:39 6,656 --a------ C:\WINDOWS\system32\CoInst.dll 2007-11-19 16:39 518 --a------ C:\WINDOWS\system32\SP7311.INI 2007-11-19 15:40 53,248 --a------ C:\WINDOWS\system32\PAStiSvc.exe 2007-11-19 15:39 <DIR> d-------- C:\WINDOWS\PixArt 2007-11-19 15:11 <DIR> d-------- C:\Program Files\Common Files\ArcSoft 2007-11-19 15:11 <DIR> d-------- C:\Program Files\ArcSoft 2007-11-19 15:11 258,352 --a------ C:\WINDOWS\system32\unicows.dll 2007-11-19 15:11 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL 2007-11-19 15:11 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys 2007-11-16 12:09 675,970 --ahs---- C:\WINDOWS\system32\utupynxr.ini 2007-11-16 12:09 85,056 --a--c--- C:\WINDOWS\system32\rxnyputu.dll 2007-11-15 22:35 143 --a------ C:\WINDOWS\system32\mcrh.tmp 2007-11-15 15:32 <DIR> d-------- C:\Program Files\RegCure 2007-11-15 14:06 <DIR> d-------- C:\Program Files\XoftSpySE 2007-11-15 01:32 144,480 --a--c--- C:\WINDOWS\system32\criktbeb.dll 2007-11-14 02:37 6,058,496 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll 2007-11-14 02:37 2,455,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dat 2007-11-14 02:37 991,232 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2007-11-14 02:37 383,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-11-14 02:37 63,488 --a------ C:\WINDOWS\system32\dllcache\icardie.dll 2007-11-14 02:13 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe 2007-11-13 22:43 37,376 --a------ C:\WINDOWS\system32\khfcdba.dll 2007-11-13 22:07 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2007-11-13 20:24 144,480 --a--c--- C:\WINDOWS\system32\aipbnwrm.dll 2007-11-13 20:21 674,420 --ahs---- C:\WINDOWS\system32\hrnnknwb.ini 2007-11-13 20:21 85,056 --a--c--- C:\WINDOWS\system32\bwnknnrh.dll 2007-11-13 20:18 80,448 --a--c--- C:\WINDOWS\system32\jwwspdfs.dll 2007-11-13 05:01 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\Roxio 2007-11-13 02:24 <DIR> d-------- C:\Program Files\WinMX Fix v.3.0 2007-11-13 02:24 <DIR> d-------- C:\Program Files\iPod 2007-11-13 02:23 <DIR> d-------- C:\WINDOWS\system32\QuickTime 2007-11-13 02:23 <DIR> d-------- C:\Program Files\InterVideo 2007-11-13 02:23 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Roxio 2007-11-13 02:22 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2007-11-13 02:22 <DIR> d-------- C:\audio 2007-11-13 02:05 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion(2) 2007-11-08 23:11 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll 2007-11-08 23:09 134 --a--c--- C:\n.bat 2007-11-08 23:08 35,328 --a------ C:\WINDOWS\system32\yayxutq.dll 2007-11-08 23:08 0 --a--c--- C:\z.dat 2007-11-08 23:08 0 --a--c--- C:\x.dat 2007-11-07 15:42 <DIR> d-------- C:\WINDOWS\system32\AGEIA 2007-11-07 00:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\MumboJumbo 2007-11-06 01:20 <DIR> d-------- C:\Program Files\MSXML 6.0 2007-11-04 20:10 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll 2007-11-04 13:33 <DIR> d----c--- C:\c6616f9bfd906f1ad04bbed7e3dd4f 2007-11-04 13:30 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared 2007-11-04 13:30 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Sonic 2007-11-04 01:28 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\Sierra Entertainment 2007-11-04 01:28 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-11-03 17:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2007-10-30 01:47 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\Super-Cow 2007-10-29 01:58 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll 2007-10-29 01:58 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll 2007-10-29 01:57 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll 2007-10-29 01:57 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll 2007-10-29 01:57 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll 2007-10-29 01:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll 2007-10-29 01:57 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll 2007-10-29 01:56 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll 2007-10-25 02:25 <DIR> d-------- C:\Program Files\MSECache 2007-10-25 02:05 <DIR> d-------- C:\Program Files\Download Manager 2007-10-24 01:44 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\QQ Games Plugin 2007-10-23 18:22 86,082 --a------ C:\WINDOWS\system32\ftdiunin.exe 2007-10-23 18:22 77,890 --a------ C:\WINDOWS\system32\FTLang.dll 2007-10-23 18:22 60,572 --a------ C:\WINDOWS\system32\drivers\ftser2k.sys 2007-10-23 18:22 48,625 --a------ C:\WINDOWS\system32\ftserui2.dll 2007-10-23 18:22 28,449 --a------ C:\WINDOWS\system32\drivers\ftdibus.sys 2007-10-23 18:22 110 --a------ C:\WINDOWS\system32\ftdiun2k.ini 2007-10-20 12:33 85,376 --a------ C:\WINDOWS\system32\dllcache\nabtsfec.sys 2007-10-20 12:33 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS 2007-10-20 12:33 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys 2007-10-20 12:33 17,024 --a------ C:\WINDOWS\system32\dllcache\ccdecode.sys 2007-10-20 12:33 16,384 --a------ C:\WINDOWS\system32\ipsink.ax 2007-10-20 12:33 5,504 --a------ C:\WINDOWS\system32\dllcache\mstee.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2005-11-15 21:39 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8cefb8af-1687-4267-9e47-e5174d07b29d}] 2007-11-30 13:03 78912 --a--c--- C:\WINDOWS\system32\alwqoyxj.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E08ACE5-DA89-48D4-B3EE-F0D4F9564C5A}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{984CC232-B0BD-427B-99B6-A68494725B53}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC4E019E-26B4-45C5-ADEE-C26BD9BB2701}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E29E966E-BA13-4EB5-B7E4-9045E6799DF2}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6763192-2D5B-4DAF-A49F-0592182BD33E}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E72C75C6-DD4F-47CA-9BED-E5265D6BB412}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EBDE85A0-FF65-4ECB-93AB-5AB026BEBB5B}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6711FDD-6B25-4A67-B8C3-9B1BE96BC87A}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-10-09 11:02] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:00] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 17:11] "RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-10-18 22:05] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46] "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2003-10-02 23:06] "MtdAcq"="C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe" [2002-10-17 03:13] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiSPower"="Rundll32.exe" [2004-08-03 23:00 C:\WINDOWS\system32\rundll32.exe] "CTHelper"="CTHELPER.EXE" [2003-11-14 03:18 C:\WINDOWS\system32\CTHELPER.EXE] "CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 10:00] "ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 12:12] "AT&T Internet Security Suite"="C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe" [2007-06-28 15:09] "HostManager"="C:\Program Files\Common Files\AOL\1192809728\ee\AOLSoftware.exe" [2007-04-12 16:23] "Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-08-30 13:04] "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 18:14] "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 00:34] "HelpCenter4.1"="C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [2007-10-22 10:27] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-27 03:53] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-11-16 13:55] "0c9120a5"="C:\WINDOWS\system32\vpudnsyk.dll" [] "combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-03 23:00] "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-21 04:13 C:\WINDOWS\MIDIDEF.EXE] C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\ Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2005-09-15 22:44:01] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnkkk] path= backup= [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] 2004-04-07 11:07 496752 --a------ C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-05-08 15:24 54840 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] c:\progra~1\common~1\instal~1\update~1\issch.exe -start R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe R3 PAC7311;VGA USB Camera;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS S3 Radialpoint Security Services;AT&T Internet Security Suite;C:\WINDOWS\system32\dllhost.exe /Processid:{80098F68-1220-4F43-80A8-15C7395B8874} . Contents of the 'Scheduled Tasks' folder "2007-11-24 04:55:00 C:\WINDOWS\Tasks\Disk Cleanup.job" - C:\WINDOWS\system32\cleanmgr.exe "2007-11-29 13:57:00 C:\WINDOWS\Tasks\Find Duplicate Files.job" - C:\PROGRA~1\ADVANC~1\finddupe.exe "2007-11-28 22:15:06 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" - c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0 "2007-05-23 02:40:25 C:\WINDOWS\Tasks\HubTask 1 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" - c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 1 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0 "2007-05-28 00:35:29 C:\WINDOWS\Tasks\HubTask 2 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" - c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 2 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0 "2007-11-30 22:55:31 C:\WINDOWS\Tasks\RegCure Program Check.job" "2007-11-29 08:00:44 C:\WINDOWS\Tasks\RegCure.job" - C:\Program Files\RegCure\RegCure.exe "2007-11-30 23:02:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDetect.exe "2007-11-30 22:55:28 C:\WINDOWS\Tasks\XoftSpySE 2.job" - C:\Program Files\XoftSpySE\XoftSpy.exe "2007-11-27 08:01:31 C:\WINDOWS\Tasks\XoftSpySE.job" - C:\Program Files\XoftSpySE\XoftSpy.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-30 17:55:58 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run Creative Detector = C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R??o?u?r?c?e?\?D?e?t?e?c?t?o?r?\?C?T?D?e?t?e?c?t?.?e?x?e?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-30 18:02:29 - machine was rebooted C:\ComboFix2.txt ... 2007-11-29 09:42 C:\ComboFix3.txt ... 2007-11-29 03:22 . --- E O F --- |
|
|
|
|
Dec 1 2007, 01:35 AM
Post
#8
|
|
|
The BSG Malware Fighter Group: HJT Team Coach Posts: 6,643 Joined: 20-April 06 From: Hamburg Member No.: 64,788 |
Hey rvbeaumont,
if you want me to assist you in cleaning this badly infected machine, you have to do what I asked you to do. I am now asking you for the third time to please read the "Preparation Guide for Use before posting a HijackThis log", underlining once again the "HijackThis" part with reference to point 9 in this guide. We can only continue the cleaning process when all steps have been carried out as mentioned in my last post. Otherwise we might miss vital information / issues on your pc... Please read that guide and post the missing information. Thanks. This post has been edited by Yourhighness: Dec 1 2007, 01:36 AM -------------------- I will be scarce from mid July til end of October and from December til May. If you need to contact me or I havent replied to a topic of yours, please send a pm - "How did I get infected?" - "Safe-hex" - Member of UNITE - |
|
|
|
|
Dec 1 2007, 02:08 AM
Post
#9
|
|
|
Member Group: Members Posts: 41 Joined: 15-November 07 From: key west Member No.: 169,947 |
SDFix: Version 1.116
Run by HP_Owner on Fri 11/30/2007 at 06:24 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\DOCUME~1\HP_Owner\Desktop\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: Trojan Files Found: C:\X.DAT - Deleted C:\Z.DAT - Deleted C:\Temp\abW9\tPho.log - Deleted C:\n.bat - Deleted C:\WINDOWS\Fonts\Crack.exe - Deleted C:\WINDOWS\Fonts\Setup.exe - Deleted C:\WINDOWS\Fonts\*.zip - 1 File(s) 118,336 bytes - Deleted C:\WINDOWS\Fonts\'\*.zip - 20222 File(s) 12,900,321,570 bytes - Deleted Folder C:\Temp\abW9 - Removed Folder C:\WINDOWS\Fonts\' - Removed Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-01 01:48:40 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher] "TracesProcessed"=dword:00000023 "TracesSuccessful"=dword:00000001 scanning hidden files ... C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\rvbeaumont@msn.com\SharingMetadata\nyschwartz@msn.com\DFSR\Staging\CS{1DD43710-461C-5930-D7BC-29ACF9725A72}\01\10-{1DD43710-461C-5930-D7BC-29ACF9725A72}-v1-{CB658601-5174-45DF-81E8-54554094D33D}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\rvbeaumont@msn.com\SharingMetadata\nyschwartz@msn.com\DFSR\Staging\CS{1DD43710-461C-5930-D7BC-29ACF9725A72}\11\11-{CB658601-5174-45DF-81E8-54554094D33D}-v11-{CB658601-5174-45DF-81E8-54554094D33D}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 822 bytes hidden from API C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\rvbeaumont@msn.com\SharingMetadata\nyschwartz@msn.com\DFSR\Staging\CS{1DD43710-461C-5930-D7BC-29ACF9725A72}\11\11-{CB658601-5174-45DF-81E8-54554094D33D}-v11-{CB658601-5174-45DF-81E8-54554094D33D}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 88 bytes hidden from API C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\rvbeaumont@msn.com\SharingMetadata\nyschwartz@msn.com\DFSR\Staging\CS{1DD43710-461C-5930-D7BC-29ACF9725A72}\12\12-{CB658601-5174-45DF-81E8-54554094D33D}-v12-{CB658601-5174-45DF-81E8-54554094D33D}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 786 bytes hidden from API C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\rvbeaumont@msn.com\SharingMetadata\nyschwartz@msn.com\DFSR\Staging\CS{1DD43710-461C-5930-D7BC-29ACF9725A72}\12\12-{CB658601-5174-45DF-81E8-54554094D33D}-v12-{CB658601-5174-45DF-81E8-54554094D33D}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 88 bytes hidden from API C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\rvbeaumont@msn.com\SharingMetadata\nyschwartz@msn.com\DFSR\Staging\CS{1DD43710-461C-5930-D7BC-29ACF9725A72}\13\13-{CB658601-5174-45DF-81E8-54554094D33D}-v13-{CB658601-5174-45DF-81E8-54554094D33D}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 2622 bytes hidden from API C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\rvbeaumont@msn.com\SharingMetadata\nyschwartz@msn.com\DFSR\Staging\CS{1DD43710-461C-5930-D7BC-29ACF9725A72}\13\13-{CB658601-5174-45DF-81E8-54554094D33D}-v13-{CB658601-5174-45DF-81E8-54554094D33D}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 304 bytes hidden from API C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\rvbeaumont@msn.com\SharingMetadata\nyschwartz@msn.com\DFSR\Staging\CS{1DD43710-461C-5930-D7BC-29ACF9725A72}\17\17-{CB658601-5174-45DF-81E8-54554094D33D}-v17-{CB658601-5174-45DF-81E8-54554094D33D}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 22116 bytes hidden from API C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\rvbeaumont@msn.com\SharingMetadata\nyschwartz@msn.com\DFSR\Staging\CS{1DD43710-461C-5930-D7BC-29ACF9725A72}\17\17-{CB658601-5174-45DF-81E8-54554094D33D}-v17-{CB658601-5174-45DF-81E8-54554094D33D}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 1632 bytes hidden from API C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Messenger\rvbeaumont@msn.com\SharingMetadata\nyschwartz@msn.com\DFSR\Staging\CS{1DD43710-461C-5930-D7BC-29ACF9725A72}\17\17-{CB658601-5174-45DF-81E8-54554094D33D}-v17-{CB658601-5174-45DF-81E8-54554094D33D}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 2456 bytes hidden from API scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 10 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] Remaining Files: --------------- File Backups: - C:\DOCUME~1\HP_Owner\Desktop\SDFix\backups\backups.zip Files with Hidden Attributes: Thu 18 Oct 2007 213 A.SHR --- "C:\BOOT.BAK" Fri 19 Nov 2004 54,872 A..H. --- "C:\Program Files\America Online 9.0b\AOLphx.exe" Fri 19 Nov 2004 31,832 A..H. --- "C:\Program Files\America Online 9.0b\rbm.exe" Tue 24 Aug 2004 156,784 A..H. --- "C:\Program Files\America Online 9.0c\aoltray.exe" Mon 30 Aug 2004 54,384 A..H. --- "C:\Program Files\America Online 9.0i\aolphx.exe" Mon 30 Aug 2004 156,784 A..H. --- "C:\Program Files\America Online 9.0i\aoltray.exe" Mon 30 Aug 2004 31,344 A..H. --- "C:\Program Files\America Online 9.0i\RBM.exe" Tue 24 Aug 2004 54,384 A..H. --- "C:\Program Files\America Online 9.0\aolphx.exe" Tue 24 Aug 2004 156,784 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe" Tue 24 Aug 2004 31,344 A..H. --- "C:\Program Files\America Online 9.0\RBM.exe" Tue 3 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe" Tue 15 Nov 2005 22 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys" Sun 21 Oct 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Sat 26 May 2007 170,299 A.SH. --- "C:\Program Files\Common Files\Motive\MCCDNSHLP_1-0-0_DSR.dll" Fri 19 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Thu 18 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4f686eb18ed8be61735e890e67439840\BIT3F.tmp" Fri 19 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fe95c915e785c18bf9cc0792fb5a73df\BIT45.tmp" Wed 21 Nov 2007 8,332 ...HR --- "C:\Documents and Settings\HP_Owner\Application Data\SecuROM\UserData\securom_v7_01.bak" Fri 28 Sep 2007 85,309 A..H. --- "C:\Program Files\Common Files\AOL\TopSpeed\3.0\WBUnins.exe" Finished! Hijack is coming next This post has been edited by rvbeaumont: Dec 1 2007, 02:16 AM |
|
|
|
|
Dec 1 2007, 02:17 AM
Post
#10
|
|
|
Member Group: Members Posts: 41 Joined: 15-November 07 From: key west Member No.: 169,947 |
doing cleaning now, and will send hijack
|
|
|
|
|
Dec 1 2007, 12:40 PM
Post
#11
|
|
|
The BSG Malware Fighter Group: HJT Team Coach Posts: 6,643 Joined: 20-April 06 From: Hamburg Member No.: 64,788 |
Hi rvbeaumont,
how is the HijackThis log looking? Its been 10 hours and I am still waiting for it  . Report back with that log and we shall go from there then.
-------------------- I will be scarce from mid July til end of October and from December til May. If you need to contact me or I havent replied to a topic of yours, please send a pm - "How did I get infected?" - "Safe-hex" - Member of UNITE - |
|
|
|
|
Dec 1 2007, 04:08 PM
Post
#12
|
|
|
Member Group: Members Posts: 41 Joined: 15-November 07 From: key west Member No.: 169,947 |
sorry thought it sent it
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:07:25 PM, on 12/1/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\WINDOWS\system32\CTSvcCDA.EXE C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Raxco\PerfectDisk\PDEngine.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE C:\Program Files\AT&T\Internet Security Wizard\ISW.exe C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe C:\Program Files\Common Files\AOL\1192809728\ee\AOLSoftware.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Program Files\AT&T\Internet Security Wizard\ISWComHandler.exe C:\PROGRA~1\Webshots\webshots.scr C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe C:\WINDOWS\AGRSMMSG.exe c:\windows\system\hpsysdrv.exe C:\WINDOWS\system32\hphmon06.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\America Online 9.0i\waol.exe C:\Program Files\America Online 9.0i\shellmon.exe C:\Program Files\Common Files\Aol\aoltpspd.exe C:\Program Files\LimeWire\LimeWire.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.manhunt.net/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.manhunt.net/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\AT&T\AT&T Internet Security Suite\pkR.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: {d92b70d4-715e-74e9-7624-7861fa8bfec8} - {8cefb8af-1687-4267-9e47-e5174d07b29d} - C:\WINDOWS\system32\alwqoyxj.dll O2 - BHO: (no name) - {8E08ACE5-DA89-48D4-B3EE-F0D4F9564C5A} - (no file) O2 - BHO: (no name) - {984CC232-B0BD-427B-99B6-A68494725B53} - (no file) O2 - BHO: (no name) - {BC4E019E-26B4-45C5-ADEE-C26BD9BB2701} - (no file) O2 - BHO: (no name) - {E0B54BEC-9209-4B5D-94E5-A8906DE18FFB} - (no file) O2 - BHO: (no name) - {E29E966E-BA13-4EB5-B7E4-9045E6799DF2} - (no file) O2 - BHO: (no name) - {E6763192-2D5B-4DAF-A49F-0592182BD33E} - (no file) O2 - BHO: (no name) - {E72C75C6-DD4F-47CA-9BED-E5265D6BB412} - (no file) O2 - BHO: (no name) - {EBDE85A0-FF65-4ECB-93AB-5AB026BEBB5B} - (no file) O2 - BHO: (no name) - {F6711FDD-6B25-4A67-B8C3-9B1BE96BC87A} - (no file) O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN O4 - HKLM\..\Run: [AT&T Internet Security Suite] "C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe" O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1192809728\ee\AOLSoftware.exe O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [0c9120a5] rundll32.exe "C:\WINDOWS\system32\vpudnsyk.dll",b O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE (User 'Default user') O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user') O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing) O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing) O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll (HKCU) O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\system32\shdocvw.dll (HKCU) O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/instal...nosticsxp2k.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.dotphoto.com/ImageUploader4.cab O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx O16 - DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - http://pbells.broadjump.com/wizlet/Standar...aller_4-2-0.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{FC0EBA04-3B3A-48DD-B382-C96E75AB5632}: NameServer = 205.188.146.145 O20 - Winlogon Notify: nnnnkkk - C:\WINDOWS\ O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: AT&T Internet Security Suite Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe O23 - Service: AT&T Internet Security Suite AT&T Firewall (RP_FWS) - AT&T - C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe -- End of file - 13483 bytes |
|
|
|
|
Dec 2 2007, 10:19 AM
Post
#13
|
|
|
The BSG Malware Fighter Group: HJT Team Coach Posts: 6,643 Joined: 20-April 06 From: Hamburg Member No.: 64,788 |
Hey Rvbeaumont,
thanks for posting back with the results. We really do need a HijackThis log to work with, but since you are severly infected we will do some further cleaning until you finally post that HijackThis log asap. Step #1 The most current version of Limewire is reported to include spyware. LimeWire 4.9.28 is clean (Older and newer version may not be). Chances are junk was bundled with this product even if you paid for it. If you are going to use p2p file sharing, I suggest you choose a safe program from here: http://p2p.malwareremoval.com/. If you use P2P software, make sure you are careful about what you open and what P2P program you install. Malware is all over the P2P networks and the programs often come bundled with Adware and Spyware. Further readings of interest in regards to the p2p "issue" are: http://pcpitstop.com/spycheck/p2p.asp and this: http://pcpitstop.com/spycheck/badtorrent.asp Step #2 Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)
Under Main "Select Files to Delete" choose: Select All. Click the Empty Selected button.
Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. For Technical Support, double-click the e-mail address located at the bottom of each menu. Step #3 You have the program Spybot S&D (Teatimer option) running on your machine and that is good. But prior to doing the fix below with HiJackThis and/or other tools required it needs to be turned off. Please do the following:
Please download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Step #6 Please post back with a fresh ComboFix log and the main.txt and the extra.txt from the DSS log. -------------------- I will be scarce from mid July til end of October and from December til May. If you need to contact me or I havent replied to a topic of yours, please send a pm - "How did I get infected?" - "Safe-hex" - Member of UNITE - |
|
|
|
|
Dec 2 2007, 08:49 PM
Post
#14
|
|
|
Member Group: Members Posts: 41 Joined: 15-November 07 From: key west Member No.: 169,947 |
ignore this one and got to next
have submitted the combofix, and shall add it here too. going to work, will work on the rest around 1:30 easten time ComboFix 07-11-19.4C - HP_Owner 2007-12-02 20:33:50.18 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.504 [GMT -5:00] Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt * Created a new restore point FILE C:\WINDOWS\system32\aipbnwrm.dll C:\WINDOWS\system32\alwqoyxj.dll C:\WINDOWS\system32\bjqxhqrp.ini C:\WINDOWS\system32\bwnknnrh.dll C:\WINDOWS\system32\criktbeb.dll C:\WINDOWS\system32\hrnnknwb.ini C:\WINDOWS\system32\jwwspdfs.dll C:\WINDOWS\system32\khfcdba.dll C:\WINDOWS\system32\lcaiwpby.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\prqhxqjb.dll C:\WINDOWS\system32\rxnyputu.dll C:\WINDOWS\system32\utupynxr.ini C:\WINDOWS\system32\vpudnsyk.dll C:\WINDOWS\system32\wroeviwd.dll C:\WINDOWS\system32\yayxutq.dll C:\WINDOWS\system32\ybpwiacl.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\aipbnwrm.dll C:\WINDOWS\system32\alwqoyxj.dll C:\WINDOWS\system32\bjqxhqrp.ini C:\WINDOWS\system32\bwnknnrh.dll C:\WINDOWS\system32\criktbeb.dll C:\WINDOWS\system32\daSgo18 C:\WINDOWS\system32\daSgo18\daSgo182328.exe C:\WINDOWS\system32\dr1 C:\WINDOWS\system32\ft21 C:\WINDOWS\system32\hrnnknwb.ini C:\WINDOWS\system32\hv2 C:\WINDOWS\system32\jwwspdfs.dll C:\WINDOWS\system32\lcaiwpby.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mm6 C:\WINDOWS\system32\mm6\ncstdb33.exe C:\WINDOWS\system32\prqhxqjb.dll C:\WINDOWS\system32\rxnyputu.dll C:\WINDOWS\system32\utupynxr.ini C:\WINDOWS\system32\wroeviwd.dll C:\WINDOWS\system32\ybpwiacl.dll . ((((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 ))))))))))))))))))))))))))))))) . 2007-12-01 16:44 468 --a--c--- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat 2007-12-01 02:12 <DIR> d-------- C:\Program Files\Lavasoft 2007-12-01 02:12 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-11-30 18:19 <DIR> d-------- C:\WINDOWS\SDFIX 2007-11-29 01:51 <DIR> d-------- C:\temp\bkR11 2007-11-27 03:57 <DIR> d-------- C:\Program Files\Common Files\xing shared 2007-11-27 03:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{FAE72283-E912-4CA0-A263-E07183A4AF20} 2007-11-27 03:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{EF257B1A-26EA-4A90-9BCC-54CA818488E8} 2007-11-27 01:51 <DIR> d-------- C:\Program Files\iTunes 2007-11-23 02:50 <DIR> d-------- C:\Program Files\Microsoft Games 2007-11-21 19:41 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\iWin 2007-11-21 16:42 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\SampleView 2007-11-21 16:30 <DIR> d-------- C:\Program Files\LimeWire 2007-11-19 16:44 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\ArcSoft 2007-11-19 16:42 230,432 --a--c--- C:\PA7311.DAT 2007-11-19 16:39 <DIR> d-------- C:\Program Files\VGA USB Camera 2007-11-19 15:39 <DIR> d-------- C:\WINDOWS\PixArt 2007-11-19 15:11 <DIR> d-------- C:\Program Files\Common Files\ArcSoft 2007-11-19 15:11 <DIR> d-------- C:\Program Files\ArcSoft 2007-11-19 15:11 258,352 --a------ C:\WINDOWS\system32\unicows.dll 2007-11-19 15:11 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL 2007-11-19 15:11 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys 2007-11-15 15:32 <DIR> d-------- C:\Program Files\RegCure 2007-11-15 14:06 <DIR> d-------- C:\Program Files\XoftSpySE 2007-11-14 02:37 6,058,496 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll 2007-11-14 02:37 2,455,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dat 2007-11-14 02:37 991,232 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2007-11-14 02:37 459,264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-11-14 02:37 383,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-11-14 02:37 267,776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll 2007-11-14 02:37 63,488 --a------ C:\WINDOWS\system32\dllcache\icardie.dll 2007-11-14 02:37 52,224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-11-14 02:37 13,824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-11-14 02:13 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe 2007-11-13 05:01 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\Roxio 2007-11-13 02:24 <DIR> d-------- C:\Program Files\WinMX Fix v.3.0 2007-11-13 02:24 <DIR> d-------- C:\Program Files\iPod 2007-11-13 02:23 <DIR> d-------- C:\WINDOWS\system32\QuickTime 2007-11-13 02:23 <DIR> d-------- C:\Program Files\InterVideo 2007-11-13 02:23 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Roxio 2007-11-13 02:22 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2007-11-13 02:22 <DIR> d-------- C:\audio 2007-11-13 02:05 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion(2) 2007-11-08 23:11 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll 2007-11-07 15:42 <DIR> d-------- C:\WINDOWS\system32\AGEIA 2007-11-07 00:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\MumboJumbo 2007-11-06 01:20 <DIR> d-------- C:\Program Files\MSXML 6.0 2007-11-04 20:10 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll 2007-11-04 13:33 <DIR> d----c--- C:\c6616f9bfd906f1ad04bbed7e3dd4f 2007-11-04 13:30 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared 2007-11-04 13:30 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Sonic 2007-11-04 01:28 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\Sierra Entertainment 2007-11-04 01:28 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-11-03 17:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-01 07:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-11-30 00:40 --------- d-----w C:\Program Files\Real 2007-11-29 07:11 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-27 08:56 --------- d-----w C:\Program Files\Common Files\Real 2007-11-27 08:03 --------- d-----w C:\Program Files\Stamps.com Internet Postage 2007-11-27 07:51 --------- dc----w C:\Documents and Settings\All Users\Application Data\{75EE35BC-E993-41FD-9DBA-9AD37F50E521} 2007-11-26 08:14 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\IGN_DLM 2007-11-23 05:51 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-11-21 17:49 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\AT&T 2007-11-21 08:40 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\My Battle for Middle-earth Files 2007-11-21 08:40 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Move Networks 2007-11-21 08:40 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Audacity 2007-11-21 08:40 --------- d--h--r C:\Documents and Settings\HP_Owner\Application Data\yahoo! 2007-11-21 08:40 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Viewpoint 2007-11-21 06:59 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-20 07:21 --------- d-----w C:\Program Files\Common Files\AOL 2007-11-20 07:20 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL Downloads 2007-11-19 22:23 --------- d-----w C:\Program Files\Common Files\Logitech 2007-11-19 18:44 --------- d-----w C:\Program Files\Google 2007-11-19 17:42 --------- d-----w C:\Program Files\Yahoo! 2007-11-19 17:42 --------- d-----w C:\Program Files\QuickTime 2007-11-19 17:42 --------- d-----w C:\Program Files\Online Backup 2007-11-19 17:42 --------- d-----w C:\Program Files\MSN Toolbar Suite 2007-11-19 17:42 --------- d-----w C:\Program Files\MSN Messenger 2007-11-19 17:41 --------- d-----w C:\Program Files\K-Lite Codec Pack 2007-11-19 17:41 --------- d-----w C:\Program Files\Java 2007-11-19 17:41 --------- d-----w C:\Program Files\ICOO Loader 2007-11-19 17:41 --------- d-----w C:\Program Files\HPQ 2007-11-19 17:41 --------- d-----w C:\Program Files\GameSpy Arcade 2007-11-19 17:40 --------- d-----w C:\Program Files\Common Files\aolshare 2007-11-19 17:40 --------- d-----w C:\Program Files\America Online 9.0i 2007-11-17 19:13 --------- d-----w C:\Program Files\Common Files\Motive 2007-11-15 22:05 --------- d-----w C:\Program Files\Advanced System Optimizer 2007-11-15 21:55 --------- d-----w C:\Program Files\Trend Micro 2007-11-13 22:35 --------- d-----w C:\Program Files\Hewlett-Packard 2007-11-10 18:52 --------- d-----w C:\Program Files\InterActual 2007-11-08 23:16 --------- d-----w C:\Program Files\coolpro2 2007-11-04 18:29 --------- d-----w C:\Program Files\Sonic 2007-10-30 06:53 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Super-Cow 2007-10-25 07:25 --------- d-----w C:\Program Files\MSECache 2007-10-25 07:05 --------- d-----w C:\Program Files\Download Manager 2007-10-24 06:44 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\QQ Games Plugin 2007-10-22 22:54 --------- d-----w C:\Program Files\Microsoft IntelliType Pro 2007-10-20 22:35 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\muvee Technologies 2007-10-20 17:52 --------- d-----w C:\Program Files\Common Files\muvee Technologies 2007-10-20 00:11 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Nero 2007-10-20 00:03 --------- d-----w C:\Program Files\Common Files\Nero 2007-10-20 00:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Nero 2007-10-20 00:01 --------- d-----w C:\Program Files\Nero 2007-10-19 20:13 --------- d-----w C:\Program Files\AusLogics Disk Defrag 2007-10-19 19:47 --------- d-----w C:\Program Files\Common Files\Ahead 2007-10-19 17:47 --------- d-----w C:\Program Files\PConPoint 2007-10-19 17:07 --------- d-----w C:\Program Files\Easy Internet signup 2007-10-19 16:06 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL 2007-10-19 15:52 --------- d-----w C:\Program Files\IncrediMail 2007-10-19 15:23 --------- d-----w C:\Program Files\AOL Companion 2007-10-19 05:41 --------- d-----w C:\Program Files\Audacity 2007-10-19 05:36 --------- dc----w C:\Documents and Settings\All Users\Application Data\Intuit 2007-10-19 05:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-10-19 05:19 --------- d-----w C:\Program Files\BellSouth Application Management 2007-10-19 05:18 --------- d-----w C:\Program Files\AOL Computer Check-Up 2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0f 2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0e 2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0b 2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0 2007-10-19 04:49 --------- dc----w C:\Documents and Settings\All Users\Application Data\QuickTime 2007-10-19 04:40 --------- d-----w C:\Program Files\Learn2.com 2007-10-19 04:40 --------- d-----w C:\Program Files\HP 2007-10-19 04:35 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Symantec 2007-10-19 04:34 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Apple Computer 2007-10-19 04:33 1,716 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_PY208AV-ABA a1030e_YC_0Pavi_QMXG530_E53NAheBLU5_47_ISalmon_SASUSTek Computer INC._V1.04_B3.15_T051019_WXH2_L409_M896_J80_7AMD_8Sempron_91.81_#050913_N1039090 0_Z11C1048C_G10396330.MRK 2007-10-19 04:30 --------- d---a-w C:\Program Files\Common Files\LightScribe 2007-10-19 03:44 --------- d-----w C:\Program Files\Webshots 2007-10-19 03:27 8,413 ----a-w C:\WINDOWS\system32\drivers\mcstrm.sys 2007-10-19 02:54 --------- d-----w C:\Program Files\Rhapsody 2007-10-19 02:21 --------- d-----w C:\Program Files\Common Files\Scanner 2007-10-19 02:16 --------- dc----w C:\Documents and Settings\All Users\Application Data\Raxco 2007-10-19 02:16 --------- d-----w C:\Program Files\Raxco 2007-10-19 02:16 --------- d-----w C:\Program Files\Common Files\Authentium 2007-10-19 02:15 --------- dc----w C:\Documents and Settings\All Users\Application Data\AT&T 2007-10-19 02:15 --------- d-----w C:\Program Files\CA 2007-10-19 02:15 --------- d-----w C:\Program Files\AT&T 2007-10-19 02:13 --------- d-----w C:\Program Files\BellSouth 2007-10-19 02:10 132,675 ----a-w C:\Program Files\INSTALL.LOG 2007-10-19 02:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-10-19 00:17 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\BellSouth 2007-10-19 00:17 --------- dc----w C:\Documents and Settings\All Users\Application Data\BellSouth 2007-10-19 00:08 --------- d-----w C:\Program Files\Common Files\SupportSoft 2007-10-18 23:50 4 -c--a-w C:\WINDOWSRegDefrag.dat 2007-10-17 21:39 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\URSoft 2007-10-17 18:12 --------- d-----w C:\Program Files\DFX 2007-10-17 08:45 --------- dc----w C:\Documents and Settings\All Users\Application Data\Babylon 2007-10-17 08:43 --------- dc----w C:\Documents and Settings\All Users\Application Data\yahoo! 2007-10-17 08:42 --------- d-----w C:\Program Files\Common Files\Nullsoft 2007-10-17 08:41 --------- dc----w C:\Documents and Settings\All Users\Application Data\PlayFirst 2007-10-17 08:41 --------- d-----w C:\Program Files\Multimedia Transcoding Tool 2007-10-17 08:40 --------- d-----w C:\Program Files\AOL 9.0a 2007-10-17 08:37 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\AOL 2007-10-17 04:09 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2007-10-12 04:03 --------- dc----w C:\Documents and Settings\All Users\Application Data\HipSoft 2005-11-15 21:39 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-10-09 11:02] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:00] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 17:11] "RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-10-18 22:05] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46] "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2003-10-02 23:06] "MtdAcq"="C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe" [2002-10-17 03:13] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiSPower"="Rundll32.exe" [2004-08-03 23:00 C:\WINDOWS\system32\rundll32.exe] "CTHelper"="CTHELPER.EXE" [2003-11-14 03:18 C:\WINDOWS\system32\CTHELPER.EXE] "CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 10:00] "ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 12:12] "AT&T Internet Security Suite"="C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe" [2007-06-28 15:09] "HostManager"="C:\Program Files\Common Files\AOL\1192809728\ee\AOLSoftware.exe" [2007-04-12 16:23] "Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-08-30 13:04] "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 18:14] "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 00:34] "HelpCenter4.1"="C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [2007-10-22 10:27] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-27 03:53] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-11-16 13:55] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-21 04:13 C:\WINDOWS\MIDIDEF.EXE] C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\ Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2005-09-15 22:44:01] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnkkk] path= backup= [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] 2004-04-07 11:07 496752 --a------ C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-05-08 15:24 54840 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] c:\progra~1\common~1\instal~1\update~1\issch.exe -start R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe S3 PAC7311;VGA USB Camera;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS S3 Radialpoint Security Services;AT&T Internet Security Suite;C:\WINDOWS\system32\dllhost.exe /Processid:{80098F68-1220-4F43-80A8-15C7395B8874} . Contents of the 'Scheduled Tasks' folder "2007-11-24 04:55:00 C:\WINDOWS\Tasks\Disk Cleanup.job" - C:\WINDOWS\system32\cleanmgr.exe "2007-11-29 13:57:00 C:\WINDOWS\Tasks\Find Duplicate Files.job" - C:\PROGRA~1\ADVANC~1\finddupe.exe "2007-11-28 22:15:06 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" - c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0 "2007-05-23 02:40:25 C:\WINDOWS\Tasks\HubTask 1 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" - c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 1 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0 "2007-05-28 00:35:29 C:\WINDOWS\Tasks\HubTask 2 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" - c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 2 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0 "2007-12-03 01:42:03 C:\WINDOWS\Tasks\RegCure Program Check.job" - C:\Program Files\RegCure\RegCure.exe "2007-11-29 08:00:44 C:\WINDOWS\Tasks\RegCure.job" - C:\Program Files\RegCure\RegCure.exe "2007-12-03 01:42:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDetect.exe "2007-12-03 01:42:03 C:\WINDOWS\Tasks\XoftSpySE 2.job" - C:\Program Files\XoftSpySE\XoftSpy.exe "2007-12-01 08:01:15 C:\WINDOWS\Tasks\XoftSpySE.job" - C:\Program Files\XoftSpySE\XoftSpy.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-02 20:42:05 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-02 20:46:37 - machine was rebooted C:\ComboFix2.txt ... 2007-11-30 18:02 C:\ComboFix3.txt ... 2007-11-29 09:42 . --- E O F --- This post has been edited by rvbeaumont: Dec 3 2007, 01:33 AM |
|
|
|
|
Dec 3 2007, 01:34 AM
Post
#15
|
|
|
Member Group: Members Posts: 41 Joined: 15-November 07 From: key west Member No.: 169,947 |
ok this one was without s&d on
ComboFix 07-11-19.4C - HP_Owner 2007-12-03 1:22:51.19 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.512 [GMT -5:00] Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt * Created a new restore point FILE C:\WINDOWS\system32\aipbnwrm.dll C:\WINDOWS\system32\alwqoyxj.dll C:\WINDOWS\system32\bjqxhqrp.ini C:\WINDOWS\system32\bwnknnrh.dll C:\WINDOWS\system32\criktbeb.dll C:\WINDOWS\system32\hrnnknwb.ini C:\WINDOWS\system32\jwwspdfs.dll C:\WINDOWS\system32\khfcdba.dll C:\WINDOWS\system32\lcaiwpby.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\prqhxqjb.dll C:\WINDOWS\system32\rxnyputu.dll C:\WINDOWS\system32\utupynxr.ini C:\WINDOWS\system32\vpudnsyk.dll C:\WINDOWS\system32\wroeviwd.dll C:\WINDOWS\system32\yayxutq.dll C:\WINDOWS\system32\ybpwiacl.dll . ((((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 ))))))))))))))))))))))))))))))) . 2007-12-01 16:44 468 --a--c--- C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat 2007-12-01 02:12 <DIR> d-------- C:\Program Files\Lavasoft 2007-12-01 02:12 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-11-30 18:19 <DIR> d-------- C:\WINDOWS\SDFIX 2007-11-29 01:51 <DIR> d-------- C:\temp\bkR11 2007-11-27 03:57 <DIR> d-------- C:\Program Files\Common Files\xing shared 2007-11-27 03:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{FAE72283-E912-4CA0-A263-E07183A4AF20} 2007-11-27 03:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\{EF257B1A-26EA-4A90-9BCC-54CA818488E8} 2007-11-27 01:51 <DIR> d-------- C:\Program Files\iTunes 2007-11-23 02:50 <DIR> d-------- C:\Program Files\Microsoft Games 2007-11-21 19:41 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\iWin 2007-11-21 16:42 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\SampleView 2007-11-21 16:30 <DIR> d-------- C:\Program Files\LimeWire 2007-11-19 16:44 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\ArcSoft 2007-11-19 16:42 230,432 --a--c--- C:\PA7311.DAT 2007-11-19 16:39 <DIR> d-------- C:\Program Files\VGA USB Camera 2007-11-19 15:39 <DIR> d-------- C:\WINDOWS\PixArt 2007-11-19 15:11 <DIR> d-------- C:\Program Files\Common Files\ArcSoft 2007-11-19 15:11 <DIR> d-------- C:\Program Files\ArcSoft 2007-11-19 15:11 258,352 --a------ C:\WINDOWS\system32\unicows.dll 2007-11-19 15:11 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL 2007-11-19 15:11 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys 2007-11-15 15:32 <DIR> d-------- C:\Program Files\RegCure 2007-11-15 14:06 <DIR> d-------- C:\Program Files\XoftSpySE 2007-11-14 02:37 6,058,496 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll 2007-11-14 02:37 2,455,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dat 2007-11-14 02:37 991,232 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2007-11-14 02:37 459,264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll 2007-11-14 02:37 383,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll 2007-11-14 02:37 267,776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll 2007-11-14 02:37 63,488 --a------ C:\WINDOWS\system32\dllcache\icardie.dll 2007-11-14 02:37 52,224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2007-11-14 02:37 13,824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe 2007-11-14 02:13 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe 2007-11-13 05:01 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\Roxio 2007-11-13 02:24 <DIR> d-------- C:\Program Files\WinMX Fix v.3.0 2007-11-13 02:24 <DIR> d-------- C:\Program Files\iPod 2007-11-13 02:23 <DIR> d-------- C:\WINDOWS\system32\QuickTime 2007-11-13 02:23 <DIR> d-------- C:\Program Files\InterVideo 2007-11-13 02:23 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Roxio 2007-11-13 02:22 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2007-11-13 02:22 <DIR> d-------- C:\audio 2007-11-13 02:05 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion(2) 2007-11-08 23:11 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll 2007-11-07 15:42 <DIR> d-------- C:\WINDOWS\system32\AGEIA 2007-11-07 00:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\MumboJumbo 2007-11-06 01:20 <DIR> d-------- C:\Program Files\MSXML 6.0 2007-11-04 20:10 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll 2007-11-04 13:33 <DIR> d----c--- C:\c6616f9bfd906f1ad04bbed7e3dd4f 2007-11-04 13:30 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared 2007-11-04 13:30 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Sonic 2007-11-04 01:28 <DIR> d----c--- C:\Documents and Settings\HP_Owner\Application Data\Sierra Entertainment 2007-11-04 01:28 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2007-11-03 17:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-01 07:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-11-30 00:40 --------- d-----w C:\Program Files\Real 2007-11-29 07:11 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-27 08:56 --------- d-----w C:\Program Files\Common Files\Real 2007-11-27 08:03 --------- d-----w C:\Program Files\Stamps.com Internet Postage 2007-11-27 07:51 --------- dc----w C:\Documents and Settings\All Users\Application Data\{75EE35BC-E993-41FD-9DBA-9AD37F50E521} 2007-11-26 08:14 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\IGN_DLM 2007-11-23 05:51 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP 2007-11-21 17:49 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\AT&T 2007-11-21 08:40 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\My Battle for Middle-earth Files 2007-11-21 08:40 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Move Networks 2007-11-21 08:40 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Audacity 2007-11-21 08:40 --------- d--h--r C:\Documents and Settings\HP_Owner\Application Data\yahoo! 2007-11-21 08:40 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Viewpoint 2007-11-21 06:59 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-20 07:21 --------- d-----w C:\Program Files\Common Files\AOL 2007-11-20 07:20 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL Downloads 2007-11-19 22:23 --------- d-----w C:\Program Files\Common Files\Logitech 2007-11-19 18:44 --------- d-----w C:\Program Files\Google 2007-11-19 17:42 --------- d-----w C:\Program Files\Yahoo! 2007-11-19 17:42 --------- d-----w C:\Program Files\QuickTime 2007-11-19 17:42 --------- d-----w C:\Program Files\Online Backup 2007-11-19 17:42 --------- d-----w C:\Program Files\MSN Toolbar Suite 2007-11-19 17:42 --------- d-----w C:\Program Files\MSN Messenger 2007-11-19 17:41 --------- d-----w C:\Program Files\K-Lite Codec Pack 2007-11-19 17:41 --------- d-----w C:\Program Files\Java 2007-11-19 17:41 --------- d-----w C:\Program Files\ICOO Loader 2007-11-19 17:41 --------- d-----w C:\Program Files\HPQ 2007-11-19 17:41 --------- d-----w C:\Program Files\GameSpy Arcade 2007-11-19 17:40 --------- d-----w C:\Program Files\Common Files\aolshare 2007-11-19 17:40 --------- d-----w C:\Program Files\America Online 9.0i 2007-11-17 19:13 --------- d-----w C:\Program Files\Common Files\Motive 2007-11-15 22:05 --------- d-----w C:\Program Files\Advanced System Optimizer 2007-11-15 21:55 --------- d-----w C:\Program Files\Trend Micro 2007-11-13 22:35 --------- d-----w C:\Program Files\Hewlett-Packard 2007-11-10 18:52 --------- d-----w C:\Program Files\InterActual 2007-11-08 23:16 --------- d-----w C:\Program Files\coolpro2 2007-11-04 18:29 --------- d-----w C:\Program Files\Sonic 2007-10-30 06:53 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Super-Cow 2007-10-26 03:36 8,454,656 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-25 07:25 --------- d-----w C:\Program Files\MSECache 2007-10-25 07:05 --------- d-----w C:\Program Files\Download Manager 2007-10-24 06:44 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\QQ Games Plugin 2007-10-22 22:54 --------- d-----w C:\Program Files\Microsoft IntelliType Pro 2007-10-22 07:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll 2007-10-22 07:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll 2007-10-20 22:35 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\muvee Technologies 2007-10-20 17:52 --------- d-----w C:\Program Files\Common Files\muvee Technologies 2007-10-20 00:11 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Nero 2007-10-20 00:03 --------- d-----w C:\Program Files\Common Files\Nero 2007-10-20 00:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Nero 2007-10-20 00:01 --------- d-----w C:\Program Files\Nero 2007-10-19 20:13 --------- d-----w C:\Program Files\AusLogics Disk Defrag 2007-10-19 19:47 --------- d-----w C:\Program Files\Common Files\Ahead 2007-10-19 17:47 --------- d-----w C:\Program Files\PConPoint 2007-10-19 17:07 --------- d-----w C:\Program Files\Easy Internet signup 2007-10-19 16:06 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL 2007-10-19 15:52 --------- d-----w C:\Program Files\IncrediMail 2007-10-19 15:23 --------- d-----w C:\Program Files\AOL Companion 2007-10-19 05:41 --------- d-----w C:\Program Files\Audacity 2007-10-19 05:36 --------- dc----w C:\Documents and Settings\All Users\Application Data\Intuit 2007-10-19 05:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-10-19 05:19 --------- d-----w C:\Program Files\BellSouth Application Management 2007-10-19 05:18 --------- d-----w C:\Program Files\AOL Computer Check-Up 2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0f 2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0e 2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0b 2007-10-19 05:18 --------- d-----w C:\Program Files\America Online 9.0 2007-10-19 04:49 --------- dc----w C:\Documents and Settings\All Users\Application Data\QuickTime 2007-10-19 04:40 --------- d-----w C:\Program Files\Learn2.com 2007-10-19 04:40 --------- d-----w C:\Program Files\HP 2007-10-19 04:35 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Symantec 2007-10-19 04:34 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\Apple Computer 2007-10-19 04:33 1,716 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_PY208AV-ABA a1030e_YC_0Pavi_QMXG530_E53NAheBLU5_47_ISalmon_SASUSTek Computer INC._V1.04_B3.15_T051019_WXH2_L409_M896_J80_7AMD_8Sempron_91.81_#050913_N1039090 0_Z11C1048C_G10396330.MRK 2007-10-19 04:30 --------- d---a-w C:\Program Files\Common Files\LightScribe 2007-10-19 03:44 --------- d-----w C:\Program Files\Webshots 2007-10-19 03:27 8,413 ----a-w C:\WINDOWS\system32\drivers\mcstrm.sys 2007-10-19 02:54 --------- d-----w C:\Program Files\Rhapsody 2007-10-19 02:21 --------- d-----w C:\Program Files\Common Files\Scanner 2007-10-19 02:16 --------- dc----w C:\Documents and Settings\All Users\Application Data\Raxco 2007-10-19 02:16 --------- d-----w C:\Program Files\Raxco 2007-10-19 02:16 --------- d-----w C:\Program Files\Common Files\Authentium 2007-10-19 02:15 --------- dc----w C:\Documents and Settings\All Users\Application Data\AT&T 2007-10-19 02:15 --------- d-----w C:\Program Files\CA 2007-10-19 02:15 --------- d-----w C:\Program Files\AT&T 2007-10-19 02:13 --------- d-----w C:\Program Files\BellSouth 2007-10-19 02:10 132,675 ----a-w C:\Program Files\INSTALL.LOG 2007-10-19 02:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-10-19 00:17 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\BellSouth 2007-10-19 00:17 --------- dc----w C:\Documents and Settings\All Users\Application Data\BellSouth 2007-10-19 00:08 --------- d-----w C:\Program Files\Common Files\SupportSoft 2007-10-18 23:50 4 -c--a-w C:\WINDOWSRegDefrag.dat 2007-10-17 21:39 --------- dc----w C:\Documents and Settings\HP_Owner\Application Data\URSoft 2007-10-17 18:12 --------- d-----w C:\Program Files\DFX 2007-10-17 08:45 --------- dc----w C:\Documents and Settings\All Users\Application Data\Babylon 2007-10-17 08:43 --------- dc----w C:\Documents and Settings\All Users\Application Data\yahoo! 2007-10-17 08:42 --------- d-----w C:\Program Files\Common Files\Nullsoft 2007-10-17 08:41 --------- dc----w C:\Documents and Settings\All Users\Application Data\PlayFirst 2007-10-17 08:41 --------- d-----w C:\Program Files\Multimedia Transcoding Tool 2007-10-17 08:40 --------- d-----w C:\Program Files\AOL 9.0a 2005-11-15 21:39 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-10-09 11:02] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:00] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-01 17:11] "RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-10-18 22:05] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46] "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2003-10-02 23:06] "MtdAcq"="C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.exe" [2002-10-17 03:13] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiSPower"="Rundll32.exe" [2004-08-03 23:00 C:\WINDOWS\system32\rundll32.exe] "CTHelper"="CTHELPER.EXE" [2003-11-14 03:18 C:\WINDOWS\system32\CTHELPER.EXE] "CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 10:00] "ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 12:12] "AT&T Internet Security Suite"="C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe" [2007-06-28 15:09] "HostManager"="C:\Program Files\Common Files\AOL\1192809728\ee\AOLSoftware.exe" [2007-04-12 16:23] "Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-08-30 13:04] "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 18:14] "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 00:34] "HelpCenter4.1"="C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [2007-10-22 10:27] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-27 03:53] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-11-16 13:55] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-21 04:13 C:\WINDOWS\MIDIDEF.EXE] C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\ Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2005-09-15 22:44:01] path= backup= [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] 2004-04-07 11:07 496752 --a------ C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2007-05-08 15:24 54840 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] c:\progra~1\common~1\instal~1\update~1\issch.exe -start R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe S3 PAC7311;VGA USB Camera;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS S3 Radialpoint Security Services;AT&T Internet Security Suite;C:\WINDOWS\system32\dllhost.exe /Processid:{80098F68-1220-4F43-80A8-15C7395B8874} . Contents of the 'Scheduled Tasks' folder "2007-11-24 04:55:00 C:\WINDOWS\Tasks\Disk Cleanup.job" - C:\WINDOWS\system32\cleanmgr.exe "2007-11-29 13:57:00 C:\WINDOWS\Tasks\Find Duplicate Files.job" - C:\PROGRA~1\ADVANC~1\finddupe.exe "2007-11-28 22:15:06 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" - c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0 "2007-05-23 02:40:25 C:\WINDOWS\Tasks\HubTask 1 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" - c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 1 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0 "2007-05-28 00:35:29 C:\WINDOWS\Tasks\HubTask 2 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" - c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 2 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0 "2007-12-03 06:15:58 C:\WINDOWS\Tasks\RegCure Program Check.job" - C:\Program Files\RegCure\RegCure.exe "2007-11-29 08:00:44 C:\WINDOWS\Tasks\RegCure.job" - C:\Program Files\RegCure\RegCure.exe "2007-12-03 06:27:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDetect.exe "2007-12-03 06:15:58 C:\WINDOWS\Tasks\XoftSpySE 2.job" - C:\Program Files\XoftSpySE\XoftSpy.exe "2007-12-01 08:01:15 C:\WINDOWS\Tasks\XoftSpySE.job" - C:\Program Files\XoftSpySE\XoftSpy.exe . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-03 01:29:03 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . Completion time: 2007-12-03 1:30:16 C:\ComboFix2.txt ... 2007-12-02 20:46 C:\ComboFix3.txt ... 2007-11-30 18:02 . --- E O F --- now will get the rest for you |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 8th November 2009 - 05:28 AM |
© 2003-2009 All Rights Reserved Bleeping Computer LLC.