Mom.exe/c:\windows\sdrive Error Help, Windows Xp Home Edition



#1 daic


Posted 23 October 2007 - 02:39 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:59 AM, on 10/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\systs.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://c:/rapidhacker.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184780683281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184780653796
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: tjk8rla0zxexp - Unknown owner - C:\WINDOWS\system32\systs.exe

--
End of file - 7183 bytes

===================================================================================
ComboFix 07-10-20.6 - Owner 2007-10-23 0:32:57.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.607 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-23 to 2007-10-23 )))))))))))))))))))))))))))))))
.

2007-10-23 00:27 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-10-23 00:27 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-10-23 00:27 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-10-23 00:27 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-10-23 00:27 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-10-23 00:27 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-10-23 00:26 d-------- C:\Program Files\Sygate
2007-10-23 00:26 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-10-23 00:21 104,968 --------- C:\WINDOWS\system32\drivers\RapDrv.sys
2007-10-23 00:21 36,644 --------- C:\WINDOWS\system32\drivers\RapFile.sys
2007-10-23 00:21 24,344 --------- C:\WINDOWS\system32\drivers\RapNet.sys
2007-10-23 00:21 192 --a------ C:\WINDOWS\system32\tbhi.dat
2007-10-23 00:21 10 --a------ C:\WINDOWS\system32\drivers\tmbi.sys
2007-10-23 00:20 d-------- C:\Program Files\ISS
2007-10-23 00:20 229,331 --------- C:\WINDOWS\system32\drivers\blackdrv.sys
2007-10-23 00:20 147,608 --------- C:\WINDOWS\system32\blackdll.dll
2007-10-23 00:18 61,440 --a------ C:\WINDOWS\keygen.dll
2007-10-22 12:58 275 --a------ C:\aklr.exe
2007-10-21 23:37 d-------- C:\VundoFix Backups
2007-10-21 23:35 451,258 --a------ C:\vont.exe
2007-10-20 05:11 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-20 04:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-20 03:55 d-------- C:\Program Files\Trend Micro
2007-10-20 03:25 d-------- C:\Program Files\Yahoo!
2007-10-20 03:24 d-------- C:\Program Files\CCleaner
2007-10-20 03:09 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-10-18 23:05 d-------- C:\Program Files\service.bat
2007-10-18 23:05 103,936 -r-hs---- C:\WINDOWS\system32\systs.exe
2007-10-18 23:05 275 --a------ C:\msfk.exe
2007-10-18 03:11 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-10-18 02:54 d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2007-10-18 00:23 d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2007-10-17 23:37 d-------- C:\Program Files\Common Files\McAfee
2007-10-17 23:36 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-17 05:08 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-10-16 20:08 d-------- C:\Program Files\Uniblue3
2007-10-16 05:40 d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2007-10-16 05:06 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-16 05:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-16 03:45 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-16 03:39 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-16 03:09 d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-16 03:09 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-25 21:12 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2007-09-24 04:05 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-23 07:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-22 23:03 --------- d-----w C:\Program Files\Labyrinth
2007-10-22 20:54 --------- d-----w C:\Program Files\Warcraft III
2007-10-22 07:00 --------- d-----w C:\Program Files\Java
2007-10-21 17:16 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-21 17:16 --------- d-----w C:\Program Files\Trillian
2007-10-21 17:16 --------- d-----w C:\Program Files\DivX
2007-10-20 10:06 --------- d-----w C:\Program Files\ATI Technologies
2007-10-19 10:39 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-10-18 10:25 --------- d-----w C:\Program Files\QuickTime
2007-10-18 10:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-11 16:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\FrostWire
2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-29 04:05 602,112 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-09-29 03:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-09-29 03:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-09-29 03:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-09-29 03:05 2,456,064 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-29 02:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-09-29 02:58 32,768 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 02:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-09-29 02:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-09-29 02:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-09-29 02:56 483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-09-29 02:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 02:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-09-29 02:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-09-29 02:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-09-29 02:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-09-29 02:23 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-09-29 02:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-09-29 02:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-09-29 02:19 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-09-29 02:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-09-28 22:41 --------- d-----w C:\Documents and Settings\Owner\Application Data\BPFTP
2007-09-24 02:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-09-21 03:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\size bows license
2007-09-17 08:16 --------- d-----w C:\Program Files\Combined Community Codec Pack
2007-08-31 16:50 --------- d-----w C:\Program Files\DirectVobSub
2007-08-31 16:47 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-08-31 16:46 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-08-28 08:35 --------- d-----w C:\Program Files\ESTsoft
2007-08-28 08:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESTsoft
2007-08-27 15:42 --------- d-----w C:\Program Files\Anti-Leech
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-16 14:09 203 ----a-w C:\rapidhacker.dll
2007-08-14 17:34 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-08-01 01:27 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-07-31 02:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 02:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 02:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 02:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 02:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 02:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-31 02:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 02:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 02:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-21_23.35.36.62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-23 07:26:55 11,264 ----a-r C:\WINDOWS\Installer\{F34D9A5F-484A-4E31-A9D3-908CB265B289}\IconC989D247.exe
- 2007-10-22 06:34:06 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-10-23 07:28:24 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-10-22 06:34:06 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-10-23 07:28:24 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-10-22 06:34:06 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-23 07:28:24 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-10-16 01:31:58 99,480 ----a-w C:\WINDOWS\system32\FwsVpn.dll
+ 2004-10-16 01:31:56 218,264 ----a-w C:\WINDOWS\system32\SetAid.dll
- 2006-11-30 00:21:29 370,688 ----a-w C:\WINDOWS\system32\swsc.exe
+ 2006-11-30 00:21:29 377,344 ----a-w C:\WINDOWS\system32\swsc.exe
- 2006-12-01 12:20:32 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe
+ 2006-12-01 12:20:32 219,136 ----a-w C:\WINDOWS\system32\swxcacls.exe
- 2006-11-27 09:34:46 49,152 ----a-w C:\WINDOWS\system32\VFind.exe
+ 2006-11-27 09:34:46 60,996 ----a-w C:\WINDOWS\system32\VFind.exe
+ 2007-10-23 07:28:55 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1b8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2007-08-15 06:28 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-08-15 06:28 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

R2 tjk8rla0zxexp;tjk8rla0zxexp;"C:\WINDOWS\system32\systs.exe"
R3 st3bus28;st3bus28;C:\WINDOWS\system32\DRIVERS\st3bus28.sys
R3 st3mp28;st3mp28;C:\WINDOWS\system32\DRIVERS\st3mp28.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
R4 black;black;C:\WINDOWS\system32\drivers\BlackDrv.sys
S3 jswmidin;jswmidin;\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\jswmidin.sys
S3 nocashio;nocashio;C:\WINDOWS\system32\drivers\nocashio.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 RapDrv;RapDrv;\??\C:\WINDOWS\system32\drivers\RapDrv.sys
S3 RapFile;RapFile;\??\C:\WINDOWS\system32\drivers\RapFile.sys
S3 RapNet;RapNet;\??\C:\WINDOWS\system32\drivers\RapNet.sys
S3 USBNET;Instant Wireless USB Network Adapter ver.2.6 Driver;C:\WINDOWS\system32\DRIVERS\netusb.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys

*Newly Created Service* - SMCSERVICE
.
Contents of the 'Scheduled Tasks' folder
"2007-10-18 13:46:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-23 07:00:00 C:\WINDOWS\Tasks\B21ECB5F9709432B.job"
- c:\docume~1\owner\applic~1\sizebo~1\BAIT REAL LOCKS.exe
"2007-10-16 09:18:31 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
"2007-09-26 04:23:43 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-18 11:29:20 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue3\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-23 00:36:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-23 0:37:11
C:\ComboFix2.txt ... 2007-10-21 23:36
.
--- E O F ---

----
Just wanted to first say hello to everyone. (Also thanks for giving me another try at a post; I did look for some rules but guess I missed these, my apologies.)

When I start up my computer I get this error.
----
MOM.EXE - APPLICATION ERROR
Application failed to initialize properly (0cx000007b) Click OK to terminate app.
----
I searched and know it's linked to the Catalyst Control Center or a virus. I have an ATI video card so I'd have MOM.EXE, and I've run virus scans and didn't see MOM.EXE in there.
- I also had another about C:\Windows\Sdrive, something about it couldn't find it, but it didn't pop up this time.
- And for some reason now when I download Spybot S&D I can't install it. Tried Trend Micro and it said I had to remove it, so I did, and now I can't re-download.
*note* the MOM.EXE and C:\Windows\Sdrive errors happened before I uninstalled Spybot S&D, if that helps.
---
From this page: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ I tried to get Spybot S&D; it says it can't establish a connection.
The McAfee AVERT Stinger said that it might be infected and couldn't run.

I also can't connect to Windows Update.

An error C:\aklr.exe comes up as well. (Doesn't happen on startup, I've just seen it come up a couple of times.)

Any help would be appreciated. Thanks in advance.

Edited by daic, 23 October 2007 - 06:56 PM.


#2 daic


Posted 24 October 2007 - 12:27 AM

I have been messing around with my problem and I was able to connect to Windows Update and I was able to connect to the Spybot-s&d.exe connection setup. I have run Spybot and removed what was found. I, however, still get the MOM.EXE error at startup and I still can't get Java to install.

Here are the updated logs; perhaps there is something in there that can help with the problem. I can also give a DxDiag if needed, just ask.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:29 PM, on 10/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\systs.exe
C:\WINDOWS\TEMP\PSTO_ps17.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\ISS\BlackICE\blackice.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184780683281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184780653796
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlackICE - Unknown owner - C:\Program Files\ISS\BlackICE\blackd.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: RapApp - Unknown owner - C:\Program Files\ISS\BlackICE\rapapp.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: tjk8rla0zxexp - Unknown owner - C:\WINDOWS\system32\systs.exe

--
End of file - 7572 bytes




ComboFix 07-10-20.6 - Owner 2007-10-23 22:23:00.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.585 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\svchost.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-24 to 2007-10-24 )))))))))))))))))))))))))))))))
.

2007-10-23 21:08 93,696 --a------ C:\vont.exe
2007-10-23 17:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2007-10-23 00:27 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-10-23 00:27 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-10-23 00:27 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-10-23 00:27 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-10-23 00:27 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-10-23 00:27 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-10-23 00:26 <DIR> d-------- C:\Program Files\Sygate
2007-10-23 00:26 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-10-23 00:21 104,968 --------- C:\WINDOWS\system32\drivers\RapDrv.sys
2007-10-23 00:21 36,644 --------- C:\WINDOWS\system32\drivers\RapFile.sys
2007-10-23 00:21 24,344 --------- C:\WINDOWS\system32\drivers\RapNet.sys
2007-10-23 00:21 192 --a------ C:\WINDOWS\system32\tbhi.dat
2007-10-23 00:21 10 --a------ C:\WINDOWS\system32\drivers\tmbi.sys
2007-10-23 00:20 229,331 --------- C:\WINDOWS\system32\drivers\blackdrv.sys
2007-10-23 00:20 147,608 --------- C:\WINDOWS\system32\blackdll.dll
2007-10-23 00:18 61,440 --a------ C:\WINDOWS\keygen.dll
2007-10-22 12:58 58,880 --a------ C:\aklr.exe
2007-10-21 23:37 <DIR> d-------- C:\VundoFix Backups
2007-10-20 05:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-20 04:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-20 03:55 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-20 03:25 <DIR> d-------- C:\Program Files\Yahoo!
2007-10-20 03:24 <DIR> d-------- C:\Program Files\CCleaner
2007-10-20 03:09 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-10-18 23:05 <DIR> d-------- C:\Program Files\service.bat
2007-10-18 23:05 93,696 -r-hs---- C:\WINDOWS\system32\systs.exe
2007-10-18 23:05 275 --a------ C:\msfk.exe
2007-10-18 03:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-10-18 02:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SiteAdvisor
2007-10-18 00:23 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2007-10-17 23:37 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-10-17 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-17 05:08 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-10-16 20:08 <DIR> d-------- C:\Program Files\Uniblue3
2007-10-16 05:40 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2007-10-16 05:06 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-10-16 05:03 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-16 03:45 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-16 03:39 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-16 03:09 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-16 03:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-25 21:12 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2007-09-24 04:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-24 05:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-24 04:44 --------- d-----w C:\Program Files\Java
2007-10-23 08:03 --------- d-----w C:\Program Files\Trillian
2007-10-23 07:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-22 23:03 --------- d-----w C:\Program Files\Labyrinth
2007-10-22 20:54 --------- d-----w C:\Program Files\Warcraft III
2007-10-21 17:16 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-10-21 17:16 --------- d-----w C:\Program Files\DivX
2007-10-20 10:06 --------- d-----w C:\Program Files\ATI Technologies
2007-10-19 10:39 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-10-18 10:25 --------- d-----w C:\Program Files\QuickTime
2007-10-11 16:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\FrostWire
2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-29 04:05 602,112 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-09-29 03:21 9,854,976 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-09-29 03:07 356,352 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-09-29 03:06 268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-09-29 03:05 2,456,064 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-29 02:58 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-09-29 02:58 32,768 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-29 02:58 143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-09-29 02:58 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-09-29 02:57 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-09-29 02:56 491,520 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-09-29 02:55 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-09-29 02:49 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-09-29 02:47 3,130,720 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-09-29 02:47 172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-09-29 02:36 1,593,600 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-09-29 02:23 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-09-29 02:22 376,832 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-09-29 02:20 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-09-29 02:19 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-09-29 02:14 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-09-28 22:41 --------- d-----w C:\Documents and Settings\Owner\Application Data\BPFTP
2007-09-24 02:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-09-21 03:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\size bows license
2007-09-17 08:16 --------- d-----w C:\Program Files\Combined Community Codec Pack
2007-08-31 16:50 --------- d-----w C:\Program Files\DirectVobSub
2007-08-31 16:47 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-08-31 16:46 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-08-28 08:35 --------- d-----w C:\Program Files\ESTsoft
2007-08-28 08:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESTsoft
2007-08-27 15:42 --------- d-----w C:\Program Files\Anti-Leech
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-16 14:09 203 ----a-w C:\rapidhacker.dll
2007-08-14 17:34 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-08-01 01:27 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-07-31 02:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 02:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 02:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 02:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 02:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 02:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-31 02:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 02:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 02:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2007-08-15 06:28 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-08-15 06:28 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

R2 tjk8rla0zxexp;tjk8rla0zxexp;"C:\WINDOWS\system32\systs.exe"
R3 st3bus28;st3bus28;C:\WINDOWS\system32\DRIVERS\st3bus28.sys
R3 st3mp28;st3mp28;C:\WINDOWS\system32\DRIVERS\st3mp28.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S3 jswmidin;jswmidin;\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\jswmidin.sys
S3 nocashio;nocashio;C:\WINDOWS\system32\drivers\nocashio.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 RapDrv;RapDrv;\??\C:\WINDOWS\system32\drivers\RapDrv.sys
S3 RapFile;RapFile;\??\C:\WINDOWS\system32\drivers\RapFile.sys
S3 RapNet;RapNet;\??\C:\WINDOWS\system32\drivers\RapNet.sys
S3 USBNET;Instant Wireless USB Network Adapter ver.2.6 Driver;C:\WINDOWS\system32\DRIVERS\netusb.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys
S4 black;black;C:\WINDOWS\system32\drivers\BlackDrv.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-18 13:46:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-24 05:00:00 C:\WINDOWS\Tasks\B21ECB5F9709432B.job"
- c:\docume~1\owner\applic~1\sizebo~1\BAIT REAL LOCKS.exe
"2007-10-16 09:18:31 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
"2007-09-26 04:23:43 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-24 01:12:52 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-23 22:25:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-23 22:25:54
C:\ComboFix2.txt ... 2007-10-23 00:37
C:\ComboFix3.txt ... 2007-10-21 23:36
.
--- E O F ---


#3 Falu

  • Security Colleague
  • 3,001 posts
  • Gender:Male
  • Location:The Netherlands

Posted 13 November 2007 - 03:04 PM

Hi daic, :thumbsup:

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience. :blink:

P.S. Please copy/paste the log into this thread using the Add Reply button.
