Bestseller antispyware got me... help!!!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

goodgirlzdont77

Thread Starter
Joined
Oct 31, 2007
Messages
4
I'm not very knowledgeable about computers, but I can make my way around, so please bear with me.

I've got notifications popping up saying that I have malware and spyware attacking my computer, also telling me to download Bestseller Antispyware, which I now know is not legit.
I have a yellow square blinking telling me of security issues, and no matter how many times I try to delete them I have "Online Security Guide" and "Live Safety Center" icons on my desktop.
I have pop-ups galore from Internet Explorer, although I use Mozilla Firefox. My computer is extremely slow. Please help!!!

What I've done so far...

I've used McAfee, Spyware Doctor, SUPERAntiSpyware Free Edition and AVG 7.5, all of which I've run in Safe Mode and which detected threats, but of course to no avail when they were removed.

I've also tried to do a System Restore, but there were no restore points to go to...

Help????

Here is my HijackThis log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:40 PM, on 10/31/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\System32\PROMon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\System32\bxovtkab.exe
C:\WINNT\System32\NMSSvc.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINNT\System32\wuauclt.exe
C:\WINNT\System32\taskmgr.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Norton Security Scan\Nss.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clubpogo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clubpogo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O2 - BHO: (no name) - {012C1FE0-381B-4D55-A789-339E0F67ED5E} - C:\Program Files\Windows Media Player\holemuv83122.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {25997E08-274A-4217-8F71-C89C754242C1} - C:\WINNT\System32\khfedde.dll
O2 - BHO: 0 - {2AD17320-FC38-473F-26B4-8FD26817AEBD} - (no file)
O2 - BHO: (no name) - {37A48F52-F986-49CC-9ED1-7721566B64BF} - C:\WINNT\System32\vtstu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7EF0AFB1-6BD8-48DB-9CED-136382A61FA4} - C:\Program Files\Windows Media Player\holemuv4444.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINNT\System32\hanhngtz.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINNT\System32\hanhngtz.dll
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\RunOnce: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\1E0PQIAK\TK58_1~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\1E0PQIAK\EARTH_~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\GMHLTEX7\DOWNLO~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\1E0PQIAK\SHIELD~1.SH!
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: $McRebootA5E6DEAA56$.lnk = C:\WINNT\system32\cmd.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.pogo.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O20 - Winlogon Notify: hanhngtz - C:\WINNT\SYSTEM32\hanhngtz.dll
O23 - Service: McAfee Application Installer Cleanup (0165941193883278) (0165941193883278mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\Owner\LOCALS~1\Temp\016594~1.EXE
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: DomainService - - C:\WINNT\System32\bxovtkab.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

--
End of file - 7451 bytes
 

goodgirlzdont77

Thread Starter
Joined
Oct 31, 2007
Messages
4
I took the liberty of running ComboFix and another HijackThis log....

ComboFix 07-11-01.1 - Owner 2007-11-01 8:58:15.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix(2).exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\winantispyware 2007
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\ProductCode
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Owner\Application Data\DOBE~1
C:\Documents and Settings\Owner\Application Data\install.dat
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\QY638Z74\www.broadcaster.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Owner\Application Data\RACLE~1
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility_Icons
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico
C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico
C:\Documents and Settings\Owner\Application Data\STEM~1
C:\Documents and Settings\Owner\Application Data\WinAntiSpyware 2007 Free
C:\Documents and Settings\Owner\Application Data\WinAntiSpyware 2007 Free\DownloadUWAS7.url
C:\Documents and Settings\Owner\Application Data\WinAntiSpyware 2007
C:\Documents and Settings\Owner\Application Data\WinAntiSpyware 2007\Logs\update.log
C:\Documents and Settings\Owner\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Owner\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Owner\Favorites\Online Security Guide.lnk
C:\Documents and Settings\Owner\My Documents\CROSOF~1
C:\Documents and Settings\Owner\My Documents\YSTEM3~1
C:\Program Files\Common Files\{34E17~1
C:\Program Files\Common Files\{34E17~1\toolbardll.lzma
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\fnts~1
C:\Program Files\Hotbar
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm.bak
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak
C:\Program Files\oin search
C:\Program Files\outlook
C:\Program Files\sstem~1
C:\Program Files\TTC.dll
C:\Program Files\Windows Media Player\holemuv4444.dll
C:\Program Files\Windows Media Player\holemuv83122.dll
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\temp\tn3
C:\WINNT\b.exe
C:\WINNT\cookies.ini
C:\WINNT\IA
C:\WINNT\pppatc~1
C:\WINNT\system32\a13
C:\WINNT\system32\bxovtkab.exe
C:\WINNT\system32\cmd.com
C:\WINNT\system32\crosof~1
C:\WINNT\system32\drivers\core.cache.dsk
C:\WINNT\system32\drivers\fmtr.sys
C:\WINNT\system32\e2
C:\WINNT\system32\e2\caws83122.exe
C:\WINNT\system32\ewbycubq.ini
C:\WINNT\system32\g1
C:\WINNT\system32\hanhngtz.dllbox
C:\WINNT\system32\i8
C:\WINNT\system32\i8\taldrvr11.exe
C:\WINNT\system32\model.dat
C:\WINNT\system32\netstat.com
C:\WINNT\system32\pac.txt
C:\WINNT\system32\ping.com
C:\WINNT\system32\qbucybwe.dll
C:\WINNT\system32\racle~1
C:\WINNT\system32\racle~2
C:\WINNT\system32\regedit.com
C:\WINNT\system32\taskkill.com
C:\WINNT\system32\tasklist.com
C:\WINNT\system32\tracert.com
C:\WINNT\system32\utstv.bak1
C:\WINNT\system32\utstv.bak2
C:\WINNT\system32\utstv.ini
C:\WINNT\system32\vtstu.dll
C:\WINNT\system32\x22
C:\WINNT\tk58.exe
C:\WINNT\TTC-4444.exe
C:\WINNT\wr.txt
C:\z.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-10-01 to 2007-11-01 )))))))))))))))))))))))))))))))
.

2007-11-01 08:56 51,200 --a------ C:\WINNT\NirCmd.exe
2007-10-31 21:41 <DIR> d-------- C:\Program Files\Norton Security Scan
2007-10-31 21:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-10-31 16:52 235,008 --a------ C:\WINNT\UNBOC.EXE
2007-10-31 16:52 208,896 --a------ C:\WINNT\CMDLIC.DLL
2007-10-31 16:51 <DIR> d-------- C:\Program Files\Comodo
2007-10-31 16:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-31 08:17 8,706,680 --a------ C:\Windows-KB890830-V1.34.exe
2007-10-31 07:35 <DIR> d-------- C:\WINNT\system32\Kaspersky Lab
2007-10-31 07:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-31 07:07 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-31 06:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-31 06:24 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-31 06:24 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-10-31 06:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-31 06:00 <DIR> d-------- C:\Program Files\XoftSpySE
2007-10-31 05:59 3,178,952 --a------ C:\XoftSpySE433_263.exe
2007-10-31 00:06 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2007-10-31 00:03 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-31 00:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-10-30 22:13 626,688 --a------ C:\WINNT\system32\msvcr80.dll
2007-10-30 22:06 24,064 --a------ C:\WINNT\system32\msxml3a.dll
2007-10-30 21:59 340,032 --a------ C:\WINNT\system32\hanhngtz.dll
2007-10-30 21:58 340,032 --a------ C:\WINNT\system32\pnbowjbb.dll
2007-10-30 16:45 35,840 --a------ C:\WINNT\mrofinu1188.exe
2007-10-30 16:45 35,840 --a------ C:\WINNT\mrofinu1000106.exe
2007-10-30 16:45 82 --a------ C:\n.bat
2007-10-30 16:45 0 --a------ C:\z.dat
2007-10-30 16:44 <DIR> d-------- C:\WINNT\system32\Mz18r
2007-10-30 16:44 <DIR> d-------- C:\Temp\mZOr
2007-10-30 16:44 32,256 --a------ C:\WINNT\system32\khfedde.dll
2007-10-30 16:44 28,672 --a------ C:\Documents and Settings\Owner\update.exe
2007-10-28 16:25 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-10-26 16:24 <DIR> d-------- C:\Program Files\QuickTime
2007-10-26 16:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-26 16:02 <DIR> d-------- C:\Program Files\Java
2007-10-26 16:00 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-15 15:49 <DIR> d-------- C:\Program Files\MP3 WAV Converter
2007-10-09 14:39 <DIR> d-------- C:\Program Files\LimeWire
2007-10-05 23:54 <DIR> d-------- C:\Program Files\MySpace

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-01 15:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-01 03:39 --------- d-----w C:\Program Files\Google
2007-10-31 11:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-31 06:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-31 05:54 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2007-10-31 05:45 --------- d-----w C:\Program Files\Yahoo!
2007-10-31 05:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-10-31 05:44 --------- d--h--r C:\Documents and Settings\Owner\Application Data\yahoo!
2007-10-26 21:11 --------- d-----w C:\Program Files\Oberon Media
2007-10-12 02:11 --------- d-----w C:\Documents and Settings\Owner\Application Data\Pogo Games
2007-09-28 05:03 6,016,952 ----a-w C:\Firefox Setup 2.0.0.7.exe
2007-09-26 18:58 --------- d--h--w C:\Documents and Settings\Owner\Application Data\Move Networks
2007-09-24 05:15 --------- d-----w C:\Program Files\Apple Software Update
2007-09-24 05:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-09-13 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\winamp
2007-09-13 03:12 --------- d-----w C:\Documents and Settings\Owner\Application Data\Netscape
2007-09-13 03:11 --------- d-----w C:\Program Files\Netscape
2007-09-10 23:37 --------- d-----w C:\Program Files\YourScreen
2007-09-10 22:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSN6
2007-09-07 05:17 --------- d-----w C:\Program Files\Norton AntiVirus
2007-06-13 00:15 2,369,640 ----a-w C:\Program Files\4bspirit.zip
2006-12-24 04:47 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2002-10-02 20:33:16 32 -csha-w C:\WINNT\{9FAB8911-3BC4-493A-9D31-15B0694333AF}.dat
2007-06-24 17:04:09 1,872,038 --sha-w C:\WINNT\system32\qpqss.bak1
2007-06-28 15:37:15 1,818,557 --sha-w C:\WINNT\system32\qpqss.bak2
2002-10-02 20:33:16 32 -csha-w C:\WINNT\system32\{132DF614-59EA-4791-9A10-1D83F9D5DFF3}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25997E08-274A-4217-8F71-C89C754242C1}]
2007-10-30 16:44 32256 --a------ C:\WINNT\System32\khfedde.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AD17320-FC38-473F-26B4-8FD26817AEBD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-10-30 21:59 340032 --a------ C:\WINNT\system32\hanhngtz.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINNT\system32\hanhngtz.dll [2007-10-30 21:59 340032]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [2001-01-03 14:50 C:\WINNT\system32\SK9910DM.EXE]
"GWMDMMSG"="GWMDMMSG.exe" [2002-08-06 15:24 C:\WINNT\GWMDMMSG.exe]
"PROMon.exe"="PROMon.exe" [2002-04-18 18:32 C:\WINNT\system32\PROMon.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-31 00:01]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"DelayShred"=c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\1E0PQIAK\TK58_1~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\1E0PQIAK\EARTH_~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\GMHLTEX7\DOWNLO~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\1E0PQIAK\SHIELD~1.SH!

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-10-31 21:39:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{25997E08-274A-4217-8F71-C89C754242C1}"= C:\WINNT\System32\khfedde.dll [2007-10-30 16:44 32256]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hanhngtz]
hanhngtz.dll 2007-10-30 21:59 340032 C:\WINNT\system32\hanhngtz.dll

R2 NMSSvc;Intel(R) NMS;C:\WINNT\System32\NMSSvc.exe
R2 RioPNP;RioPNP;C:\WINNT\System32\drivers\RioPNP.sys
R3 NMSCFG;NIC Management Service Configuration Driver;\??\C:\WINNT\System32\drivers\NMSCFG.SYS
S3 BOCDRIVE;BOClean Kernel Monitor.;\??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys
S3 PCDRDRV;Pcdr Helper Driver;\??\C:\Atf\Qctest\PCDoc\PCDRDRV.sys

*Newly Created Service* - NMSSVC
.
Contents of the 'Scheduled Tasks' folder
"2007-10-26 17:58:09 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
"2007-10-28 09:30:00 C:\WINNT\Tasks\ErrorKiller Scheduled Scan.job"
"2007-11-01 03:41:22 C:\WINNT\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-01 09:05:30
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-01 9:09:39 - machine was rebooted
.
--- E O F ---

HijackThis log....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:18 AM, on 11/1/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\System32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\WINNT\System32\PROMon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINNT\System32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clubpogo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clubpogo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {25997E08-274A-4217-8F71-C89C754242C1} - C:\WINNT\System32\khfedde.dll
O2 - BHO: 0 - {2AD17320-FC38-473F-26B4-8FD26817AEBD} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINNT\system32\hanhngtz.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINNT\system32\hanhngtz.dll
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\RunOnce: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\1E0PQIAK\TK58_1~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\1E0PQIAK\EARTH_~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\GMHLTEX7\DOWNLO~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\1E0PQIAK\SHIELD~1.SH!
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.pogo.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O20 - Winlogon Notify: hanhngtz - C:\WINNT\SYSTEM32\hanhngtz.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

--
End of file - 6357 bytes
 

goodgirlzdont77

Thread Starter
Joined
Oct 31, 2007
Messages
4
So sorry...
I found my question on page six with no response yet from a tech...

Please help me!!
 