Hijackthis Log: Please Help Diagnose


This topic is locked
3 replies to this topic

#1 BROOKE99INFINITI

Posted 04 May 2008 - 12:59 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:17 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,hxegoxe.exe
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PE2CKFNT SE] "C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [MOD] "C:\Program Files\Microangelo\muamgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [antiviirus] "C:\Program Files\antiviirus.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6253\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] "C:\PROGRA~1\McAfee\MHN\McENUI.exe" /hide
O4 - HKLM\..\Run: [Microsoft Updates] avi0.43.exe
O4 - HKLM\..\Run: [BMcfe299b0] Rundll32.exe "C:\WINDOWS\system32\gtdtjmly.dll",s
O4 - HKLM\..\RunServices: [Microsoft Updates] avi0.43.exe
O4 - HKLM\..\RunOnce: [KB926239] rundll32.exe apphelp.dll,ShimFlushCache
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [rmoi] C:\PROGRA~1\COMMON~1\rmoi\rmoim.exe
O4 - HKCU\..\Run: [STYLEXP] "C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" -Hide
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Mobipocket Reader Notifications] "C:\Program Files\Mobipocket.com\Mobipocket Reader\readernotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm047MHUS
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall...am3.cab?url=old
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://cdn.digitalcity.com/video/kdx.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: AvpCD - {46625b4c-9fb1-4cf9-9010-3524ca933682} - C:\WINDOWS\Installer\{46625b4c-9fb1-4cf9-9010-3524ca933682}\AvpCD.dll
O21 - SSODL: zip - {58bfb36d-cc8f-4d76-9f59-5a8ffe37d3c5} - C:\WINDOWS\Installer\{58bfb36d-cc8f-4d76-9f59-5a8ffe37d3c5}\zip.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 12622 bytes


Okay, the above is my HijackThis log and I have tried using Spyware Doctor to get some of this stuff off my computer. What happens is, when I am browsing the internet using Mozilla, my Internet Explorer will start opening itself or playing loud music or ads without even opening a browser. A few days ago it got to where only some websites load and some don't. The only way I found to fix this temporarily is to close out explorer.exe and then reopen it. Please, if anyone can help me get rid of the viruses/spyware etc., I would really appreciate it.

#2 BROOKE99INFINITI (Topic Starter)

Posted 04 May 2008 - 04:08 PM

Here is my ComboFix log. I used HijackThis and went to the site http://hijackthis.de/ and used it to help me decide what to fix with HijackThis, but it didn't work, so I used ComboFix and this is the log below. I still don't know what to do b/c I am still getting popups really bad and can't use the Google search engine and Yahoo search engine and lots of web sites. The only way around that was to close explorer.exe and reopen it, but I need a permanent fix without having to crash my system and redo everything.

2008-05-04 12:11:56 ( .D... ) "C:\Program Files\Trend Micro"
2008-05-01 10:34:28 107072 ( A.... ) "C:\WINDOWS\system32\gtdtjmly.dll"
2008-04-30 10:38:52 96320 ( A.... ) "C:\WINDOWS\system32\ykankwop.dll"
2008-04-30 10:35:52 105536 ( A.... ) "C:\WINDOWS\system32\gkrdaxoe.dll"
2008-04-30 10:32:52 104512 ( A.... ) "C:\WINDOWS\system32\lhtxxbpb.dll"
2008-04-29 10:35:18 107072 ( A.... ) "C:\WINDOWS\system32\qhtymewx.dll"
2008-04-29 10:32:26 97856 ( A.... ) "C:\WINDOWS\system32\klieiwoh.dll"
2008-04-29 10:32:14 104512 ( A.... ) "C:\WINDOWS\system32\jyrtqmkb.dll"
2008-04-28 10:36:56 95296 ( A.... ) "C:\WINDOWS\system32\nsakyqhr.dll"
2008-04-28 10:33:56 108608 ( A.... ) "C:\WINDOWS\system32\nuoyetqj.dll"
2008-04-28 10:30:56 104000 ( A.... ) "C:\WINDOWS\system32\okeqmwig.dll"
2008-04-27 10:35:54 94784 ( A.... ) "C:\WINDOWS\system32\jtsseguu.dll"
2008-04-27 10:32:54 107072 ( A.... ) "C:\WINDOWS\system32\voodnevc.dll"
2008-04-27 10:30:14 105024 ( A.... ) "C:\WINDOWS\system32\cfufhvah.dll"
2008-04-26 10:37:52 107072 ( A.... ) "C:\WINDOWS\system32\hwicfcfr.dll"
2008-04-26 10:31:50 106048 ( A.... ) "C:\WINDOWS\system32\wmepvfly.dll"
2008-04-26 00:17:50 ( .D... ) "C:\Program Files\COMPACT"
2008-04-25 22:46:16 ( .D... ) "C:\Program Files\Avanquest update"
2008-04-25 22:45:20 ( .D... ) "C:\Program Files\Common Files\Motorola Shared"
2008-04-25 22:45:16 ( .D... ) "C:\Program Files\Motorola Phone Tools"
2008-04-25 22:45:00 ( .D... ) "C:\Documents and Settings\BrOOkE\Application Data\InstallShield"
2008-04-25 22:32:14 38912 ( A.... ) "C:\WINDOWS\system32\geBQkIBQ.dll"
2008-04-25 22:29:16 38912 ( A.... ) "C:\WINDOWS\system32\ddcbYRkh.dll"
2008-04-25 22:23:30 38912 ( A.... ) "C:\WINDOWS\system32\iifGyWpo.dll"
2008-04-25 22:20:36 38912 ( A.... ) "C:\WINDOWS\system32\fCrsrRKd.dll"
2008-04-25 22:17:58 240240 ( A.... ) "C:\WINDOWS\system32\wpcap.dll"
2008-04-25 22:17:58 88704 ( A.... ) "C:\WINDOWS\system32\packet.dll"
2008-04-06 00:56:20 19836024 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
2008-03-22 02:18:32 ( .D... ) "C:\Program Files\Spyware Doctor"
2008-03-22 02:18:32 ( .D... ) "C:\Documents and Settings\BrOOkE\Application Data\PC Tools"
2008-03-21 19:03:42 ( .D... ) "C:\Program Files\SiteAdvisor"
2008-03-21 19:03:42 ( .D... ) "C:\Documents and Settings\BrOOkE\Application Data\SiteAdvisor"
2008-03-21 19:01:58 ( .D... ) "C:\Program Files\McAfee.com"
2008-03-21 19:01:56 ( .D... ) "C:\Program Files\Common Files\McAfee"
2008-03-21 19:01:50 ( .D... ) "C:\Program Files\McAfee"
2008-03-21 18:58:42 374 ( A.... ) "C:\Documents and Settings\BrOOkE\Application Data\internaldb6334.dat"
2008-03-21 18:53:54 18432 ( A.... ) "C:\Documents and Settings\BrOOkE\Application Data\internaldb41.dat"
2008-03-21 18:53:52 555 ( A.... ) "C:\Documents and Settings\BrOOkE\Application Data\internaldb8467.dat"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32WINWGPX.EXE"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32winsystem.exe"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32winlogonpc.exe"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32vcatchpi.dll"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32vbsys2.dll"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32thun32.dll"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32thun.dll"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32temp#01.exe"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32taack.exe"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32sysreq.exe"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32ssvchost.exe"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32ssvchost.com"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32ssurf022.dll"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32sncntr.exe"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32Rundl1.exe"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32regm64.dll"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32regc64.dll"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32psoft1.exe"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32psof1.exe"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32ps1.exe"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32newsd32.exe"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32netode.exe"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32mwin32.exe"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32mtr2.exe"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32msvchost.exe"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32mssecu.exe"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32msnbho.dll"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32msgp.exe"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32medup020.dll"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32medup012.dll"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32hxiwlgpm.exe"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32hoproxy.dll"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32h@tkeysh@@k.dll"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32emesx.dll"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32dpcproxy.exe"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32bsva-egihsg52.exe"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32bdn.com"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32awtoolb.dll"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32anticipator.dll"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\system32akttzn.exe"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\mssecu.exe"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\iTunesMusic.exe"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\bdn.com"
2008-03-21 17:43:08 4096 ( A.... ) "C:\WINDOWS\a.bat"
2008-03-19 04:47:00 1845248 ( A.... ) "C:\WINDOWS\system32\win32k.sys"
2008-03-07 12:13:58 ( .D... ) "C:\Program Files\Womble Multimedia"
2008-03-01 18:36:30 3591680 ( A.... ) "C:\WINDOWS\system32\mshtml.dll"
2008-03-01 08:06:32 826368 ( A.... ) "C:\WINDOWS\system32\wininet.dll"
2008-03-01 08:06:30 1159680 ( A.... ) "C:\WINDOWS\system32\urlmon.dll"
2008-03-01 08:06:30 671232 ( A.... ) "C:\WINDOWS\system32\mstime.dll"
2008-03-01 08:06:30 233472 ( A.... ) "C:\WINDOWS\system32\webcheck.dll"
2008-03-01 08:06:30 105984 ( A.... ) "C:\WINDOWS\system32\url.dll"
2008-03-01 08:06:30 102912 ( A.... ) "C:\WINDOWS\system32\occache.dll"
2008-03-01 08:06:30 44544 ( A.... ) "C:\WINDOWS\system32\pngfilt.dll"
2008-03-01 08:06:28 478208 ( A.... ) "C:\WINDOWS\system32\mshtmled.dll"
2008-03-01 08:06:28 193024 ( A.... ) "C:\WINDOWS\system32\msrating.dll"
2008-03-01 08:06:26 459264 ( A.... ) "C:\WINDOWS\system32\msfeeds.dll"
2008-03-01 08:06:26 267776 ( A.... ) "C:\WINDOWS\system32\iertutil.dll"
2008-03-01 08:06:26 52224 ( A.... ) "C:\WINDOWS\system32\msfeedsbs.dll"
2008-03-01 08:06:26 27648 ( A.... ) "C:\WINDOWS\system32\jsproxy.dll"
2008-03-01 08:06:24 6066176 ( A.... ) "C:\WINDOWS\system32\ieframe.dll"
2008-03-01 08:06:24 44544 ( A.... ) "C:\WINDOWS\system32\iernonce.dll"
2008-03-01 08:06:22 384512 ( A.... ) "C:\WINDOWS\system32\iedkcs32.dll"
2008-03-01 08:06:22 383488 ( A.... ) "C:\WINDOWS\system32\ieapfltr.dll"
2008-03-01 08:06:22 347136 ( A.... ) "C:\WINDOWS\system32\dxtmsft.dll"
2008-03-01 08:06:22 230400 ( A.... ) "C:\WINDOWS\system32\ieaksie.dll"
2008-03-01 08:06:22 214528 ( A.... ) "C:\WINDOWS\system32\dxtrans.dll"
2008-03-01 08:06:22 153088 ( A.... ) "C:\WINDOWS\system32\ieakeng.dll"
2008-03-01 08:06:22 133120 ( A.... ) "C:\WINDOWS\system32\extmgr.dll"
2008-03-01 08:06:22 63488 ( A.... ) "C:\WINDOWS\system32\icardie.dll"
2008-03-01 08:06:20 124928 ( A.... ) "C:\WINDOWS\system32\advpack.dll"
2008-02-29 03:55:24 70656 ( A.... ) "C:\WINDOWS\system32\ie4uinit.exe"
2008-02-25 02:56:40 107888 ( A.... ) "C:\WINDOWS\system32\CmdLineExt.dll"
2008-02-20 01:51:06 282624 ( A.... ) "C:\WINDOWS\system32\gdi32.dll"
2008-02-20 00:32:44 148992 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2008-02-20 00:32:44 45568 ( A.... ) "C:\WINDOWS\system32\dnsrslvr.dll"
2008-02-15 00:44:26 161792 ( A.... ) "C:\WINDOWS\system32\ieakui.dll"
2008-02-10 13:17:06 675579 ( A.... ) "C:\WINDOWS\PROGRAM.exe"
2008-02-10 13:17:02 177480 ( A.... ) "C:\WINDOWS\distro_SelectRebatesSetup_um1002.exe"
2004-04-11 20:43:38 45 ( A.... ) "C:\Program Files\Custom.ini"
2003-10-03 11:46:08 225280 ( A.... ) "C:\Program Files\setup.exe"
2003-07-28 11:13:02 42 ( A.... ) "C:\Program Files\AUTORUN.INF"
2003-02-25 12:04:28 4632 ( A.... ) "C:\Program Files\0x0409.ini"


((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"PE2CKFNT SE"="\"C:\\Program Files\\Ulead Systems\\Ulead Photo Express 2 SE\\ChkFont.exe\""
"SoundMAXPnP"="\"C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe\""
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"IAAnotif"="\"C:\\Program Files\\Intel\\Intel Application Accelerator\\iaanotif.exe\""
"URLLSTCK.exe"="C:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"Share-to-Web Namespace Daemon"="\"C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe\""
"MOD"="\"C:\\Program Files\\Microangelo\\muamgr.exe\""
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"SNM"="C:\\Program Files\\SpyNoMore\\SNM.exe /startup"
"BootSkin Startup Jobs"="\"C:\\PROGRA~1\\Stardock\\WINCUS~1\\BootSkin\\BootSkin.exe\" /StartupJobs"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"mcagent_exe"="\"C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe\" /runkey"
"SiteAdvisor"="\"C:\\Program Files\\SiteAdvisor\\6253\\SiteAdv.exe\""
"McENUI"="\"C:\\PROGRA~1\\McAfee\\MHN\\McENUI.exe\" /hide"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"STYLEXP"="\"C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe\" -Hide"
"kdx"="C:\\WINDOWS\\kdx\\KHost.exe -all"
"Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"
"Mobipocket Reader Notifications"="\"C:\\Program Files\\Mobipocket.com\\Mobipocket Reader\\readernotify.exe\""
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"="C:\\PROGRA~1\\SYMNET~1\\SNDWarn.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"="C:\\PROGRA~1\\SYMNET~1\\SNDWarn.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

Completion time: Sun 05/04/2008 15:56:39.32
ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txt

#3 ken545 (Malware Response Team)

Posted 25 May 2008 - 09:01 PM

Hello BROOKE99INFINITI

Welcome to the Bleeping Computer Malware Removal Forum. Sorry about the delay, but the number of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to. If you have not resolved your issue and still need assistance, please post a new HJT log, as your system may have changed since your original post.

BROOKE99INFINITI, by replying to your own post you removed yourself from the Zero Replies category that we look for to work logs, and it looked like you were being helped.

Ken



#4 ken545 (Malware Response Team)

Posted 21 September 2014 - 06:54 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
