
Bestseller antispyware got me... help!!!

Discussion in 'Virus & Other Malware Removal' started by goodgirlzdont77, Oct 31, 2007.

Thread Status:
Not open for further replies.
  1. goodgirlzdont77

    goodgirlzdont77 Thread Starter

    Joined:
    Oct 31, 2007
    Messages:
    4
    I'm not very knowledgeable about computers, but I can make my way around, so please bear with me.

    I've got notifications popping up saying that I have malware and spyware attacking my computer, also telling me to download Bestseller Antispyware, which I now know is not legit.
    I have a yellow square blinking telling me of security issues, and no matter how many times I try to delete them I have "Online Security Guide" and "Live Safety Center" icons on my desktop.
    I have pop-ups galore from Internet Explorer, although I use Mozilla Firefox. My computer is extremely slow. Please help!!!

    What I've done so far...

    I've used McAfee, Spyware Doctor, SUPERAntiSpyware Free Edition and AVG 7.5, all of which I've run in safe mode and which detected threats, but of course to no avail when they were removed.

    I've also tried to do a system restore, but there were no restore points to go to...

    Help????

    Here is my HijackThis log...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:41:40 PM, on 10/31/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\SK9910DM.EXE
    C:\WINNT\GWMDMMSG.exe
    C:\WINNT\System32\PROMon.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINNT\System32\bxovtkab.exe
    C:\WINNT\System32\NMSSvc.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINNT\System32\wuauclt.exe
    C:\WINNT\System32\taskmgr.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Norton Security Scan\Nss.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clubpogo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clubpogo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    F3 - REG:win.ini: load=
    F3 - REG:win.ini: run=
    O2 - BHO: (no name) - {012C1FE0-381B-4D55-A789-339E0F67ED5E} - C:\Program Files\Windows Media Player\holemuv83122.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {25997E08-274A-4217-8F71-C89C754242C1} - C:\WINNT\System32\khfedde.dll
    O2 - BHO: 0 - {2AD17320-FC38-473F-26B4-8FD26817AEBD} - (no file)
    O2 - BHO: (no name) - {37A48F52-F986-49CC-9ED1-7721566B64BF} - C:\WINNT\System32\vtstu.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7EF0AFB1-6BD8-48DB-9CED-136382A61FA4} - C:\Program Files\Windows Media Player\holemuv4444.dll
    O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - (no file)
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINNT\System32\hanhngtz.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINNT\System32\hanhngtz.dll
    O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\RunOnce: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\1E0PQIAK\TK58_1~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\1E0PQIAK\EARTH_~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\GMHLTEX7\DOWNLO~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\1E0PQIAK\SHIELD~1.SH!
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: $McRebootA5E6DEAA56$.lnk = C:\WINNT\system32\cmd.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: www.pogo.com
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
    O20 - Winlogon Notify: hanhngtz - C:\WINNT\SYSTEM32\hanhngtz.dll
    O23 - Service: McAfee Application Installer Cleanup (0165941193883278) (0165941193883278mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\Owner\LOCALS~1\Temp\016594~1.EXE
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: DomainService - - C:\WINNT\System32\bxovtkab.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

    --
    End of file - 7451 bytes
     
  2. goodgirlzdont77

    goodgirlzdont77 Thread Starter

    Joined:
    Oct 31, 2007
    Messages:
    4
    Can someone help me please??
     
  3. goodgirlzdont77

    goodgirlzdont77 Thread Starter

    Joined:
    Oct 31, 2007
    Messages:
    4
    I took the liberty of running ComboFix and another HijackThis log....

    ComboFix 07-11-01.1 - Owner 2007-11-01 8:58:15.1 - NTFSx86
    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix(2).exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data.\winantispyware 2007
    C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\Abbr
    C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\ProductCode
    C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr
    C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode
    C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
    C:\Documents and Settings\LocalService\Application Data\NetMon
    C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
    C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
    C:\Documents and Settings\Owner\Application Data\DOBE~1
    C:\Documents and Settings\Owner\Application Data\install.dat
    C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\QY638Z74\www.broadcaster.com
    C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
    C:\Documents and Settings\Owner\Application Data\RACLE~1
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility_Icons
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico
    C:\Documents and Settings\Owner\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico
    C:\Documents and Settings\Owner\Application Data\STEM~1
    C:\Documents and Settings\Owner\Application Data\WinAntiSpyware 2007 Free
    C:\Documents and Settings\Owner\Application Data\WinAntiSpyware 2007 Free\DownloadUWAS7.url
    C:\Documents and Settings\Owner\Application Data\WinAntiSpyware 2007
    C:\Documents and Settings\Owner\Application Data\WinAntiSpyware 2007\Logs\update.log
    C:\Documents and Settings\Owner\Desktop\Live Safety Center.lnk
    C:\Documents and Settings\Owner\Desktop\Online Security Guide.lnk
    C:\Documents and Settings\Owner\Favorites\Online Security Guide.lnk
    C:\Documents and Settings\Owner\My Documents\CROSOF~1
    C:\Documents and Settings\Owner\My Documents\YSTEM3~1
    C:\Program Files\Common Files\{34E17~1
    C:\Program Files\Common Files\{34E17~1\toolbardll.lzma
    C:\Program Files\Common Files\winantispyware 2007
    C:\Program Files\Common Files\winantispyware 2007\err.log
    C:\Program Files\fnts~1
    C:\Program Files\Hotbar
    C:\Program Files\MyWebSearch
    C:\Program Files\MyWebSearch\bar\History\search2
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
    C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
    C:\Program Files\MyWebSearch\bar\Settings\setting2.htm.bak
    C:\Program Files\MyWebSearch\bar\Settings\settings.dat
    C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak
    C:\Program Files\oin search
    C:\Program Files\outlook
    C:\Program Files\sstem~1
    C:\Program Files\TTC.dll
    C:\Program Files\Windows Media Player\holemuv4444.dll
    C:\Program Files\Windows Media Player\holemuv83122.dll
    C:\temp\0b9
    C:\temp\0b9\tmpTF.log
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\temp\iee
    C:\temp\iee\tmpZTF.log
    C:\temp\tn3
    C:\WINNT\b.exe
    C:\WINNT\cookies.ini
    C:\WINNT\IA
    C:\WINNT\pppatc~1
    C:\WINNT\system32\a13
    C:\WINNT\system32\bxovtkab.exe
    C:\WINNT\system32\cmd.com
    C:\WINNT\system32\crosof~1
    C:\WINNT\system32\drivers\core.cache.dsk
    C:\WINNT\system32\drivers\fmtr.sys
    C:\WINNT\system32\e2
    C:\WINNT\system32\e2\caws83122.exe
    C:\WINNT\system32\ewbycubq.ini
    C:\WINNT\system32\g1
    C:\WINNT\system32\hanhngtz.dllbox
    C:\WINNT\system32\i8
    C:\WINNT\system32\i8\taldrvr11.exe
    C:\WINNT\system32\model.dat
    C:\WINNT\system32\netstat.com
    C:\WINNT\system32\pac.txt
    C:\WINNT\system32\ping.com
    C:\WINNT\system32\qbucybwe.dll
    C:\WINNT\system32\racle~1
    C:\WINNT\system32\racle~2
    C:\WINNT\system32\regedit.com
    C:\WINNT\system32\taskkill.com
    C:\WINNT\system32\tasklist.com
    C:\WINNT\system32\tracert.com
    C:\WINNT\system32\utstv.bak1
    C:\WINNT\system32\utstv.bak2
    C:\WINNT\system32\utstv.ini
    C:\WINNT\system32\vtstu.dll
    C:\WINNT\system32\x22
    C:\WINNT\tk58.exe
    C:\WINNT\TTC-4444.exe
    C:\WINNT\wr.txt
    C:\z.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_CMDSERVICE
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_NETWORK_MONITOR
    -------\DomainService


    ((((((((((((((((((((((((( Files Created from 2007-10-01 to 2007-11-01 )))))))))))))))))))))))))))))))
    .

    2007-11-01 08:56 51,200 --a------ C:\WINNT\NirCmd.exe
    2007-10-31 21:41 <DIR> d-------- C:\Program Files\Norton Security Scan
    2007-10-31 21:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2007-10-31 16:52 235,008 --a------ C:\WINNT\UNBOC.EXE
    2007-10-31 16:52 208,896 --a------ C:\WINNT\CMDLIC.DLL
    2007-10-31 16:51 <DIR> d-------- C:\Program Files\Comodo
    2007-10-31 16:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
    2007-10-31 08:17 8,706,680 --a------ C:\Windows-KB890830-V1.34.exe
    2007-10-31 07:35 <DIR> d-------- C:\WINNT\system32\Kaspersky Lab
    2007-10-31 07:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-10-31 07:07 <DIR> d-------- C:\Program Files\Trend Micro
    2007-10-31 06:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-10-31 06:24 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-10-31 06:24 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
    2007-10-31 06:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-10-31 06:00 <DIR> d-------- C:\Program Files\XoftSpySE
    2007-10-31 05:59 3,178,952 --a------ C:\XoftSpySE433_263.exe
    2007-10-31 00:06 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVG7
    2007-10-31 00:03 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-10-31 00:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2007-10-30 22:13 626,688 --a------ C:\WINNT\system32\msvcr80.dll
    2007-10-30 22:06 24,064 --a------ C:\WINNT\system32\msxml3a.dll
    2007-10-30 21:59 340,032 --a------ C:\WINNT\system32\hanhngtz.dll
    2007-10-30 21:58 340,032 --a------ C:\WINNT\system32\pnbowjbb.dll
    2007-10-30 16:45 35,840 --a------ C:\WINNT\mrofinu1188.exe
    2007-10-30 16:45 35,840 --a------ C:\WINNT\mrofinu1000106.exe
    2007-10-30 16:45 82 --a------ C:\n.bat
    2007-10-30 16:45 0 --a------ C:\z.dat
    2007-10-30 16:44 <DIR> d-------- C:\WINNT\system32\Mz18r
    2007-10-30 16:44 <DIR> d-------- C:\Temp\mZOr
    2007-10-30 16:44 32,256 --a------ C:\WINNT\system32\khfedde.dll
    2007-10-30 16:44 28,672 --a------ C:\Documents and Settings\Owner\update.exe
    2007-10-28 16:25 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
    2007-10-26 16:24 <DIR> d-------- C:\Program Files\QuickTime
    2007-10-26 16:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-10-26 16:02 <DIR> d-------- C:\Program Files\Java
    2007-10-26 16:00 <DIR> d-------- C:\Program Files\Common Files\Java
    2007-10-15 15:49 <DIR> d-------- C:\Program Files\MP3 WAV Converter
    2007-10-09 14:39 <DIR> d-------- C:\Program Files\LimeWire
    2007-10-05 23:54 <DIR> d-------- C:\Program Files\MySpace

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-01 15:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-11-01 03:39 --------- d-----w C:\Program Files\Google
    2007-10-31 11:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-31 06:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-10-31 05:54 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
    2007-10-31 05:45 --------- d-----w C:\Program Files\Yahoo!
    2007-10-31 05:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
    2007-10-31 05:44 --------- d--h--r C:\Documents and Settings\Owner\Application Data\yahoo!
    2007-10-26 21:11 --------- d-----w C:\Program Files\Oberon Media
    2007-10-12 02:11 --------- d-----w C:\Documents and Settings\Owner\Application Data\Pogo Games
    2007-09-28 05:03 6,016,952 ----a-w C:\Firefox Setup 2.0.0.7.exe
    2007-09-26 18:58 --------- d--h--w C:\Documents and Settings\Owner\Application Data\Move Networks
    2007-09-24 05:15 --------- d-----w C:\Program Files\Apple Software Update
    2007-09-24 05:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-09-13 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\winamp
    2007-09-13 03:12 --------- d-----w C:\Documents and Settings\Owner\Application Data\Netscape
    2007-09-13 03:11 --------- d-----w C:\Program Files\Netscape
    2007-09-10 23:37 --------- d-----w C:\Program Files\YourScreen
    2007-09-10 22:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSN6
    2007-09-07 05:17 --------- d-----w C:\Program Files\Norton AntiVirus
    2007-06-13 00:15 2,369,640 ----a-w C:\Program Files\4bspirit.zip
    2006-12-24 04:47 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    2002-10-02 20:33:16 32 -csha-w C:\WINNT\{9FAB8911-3BC4-493A-9D31-15B0694333AF}.dat
    2007-06-24 17:04:09 1,872,038 --sha-w C:\WINNT\system32\qpqss.bak1
    2007-06-28 15:37:15 1,818,557 --sha-w C:\WINNT\system32\qpqss.bak2
    2002-10-02 20:33:16 32 -csha-w C:\WINNT\system32\{132DF614-59EA-4791-9A10-1D83F9D5DFF3}.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25997E08-274A-4217-8F71-C89C754242C1}]
    2007-10-30 16:44 32256 --a------ C:\WINNT\System32\khfedde.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AD17320-FC38-473F-26B4-8FD26817AEBD}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    2007-10-30 21:59 340032 --a------ C:\WINNT\system32\hanhngtz.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINNT\system32\hanhngtz.dll [2007-10-30 21:59 340032]

    [HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" [2001-01-03 14:50 C:\WINNT\system32\SK9910DM.EXE]
    "GWMDMMSG"="GWMDMMSG.exe" [2002-08-06 15:24 C:\WINNT\GWMDMMSG.exe]
    "PROMon.exe"="PROMon.exe" [2002-04-18 18:32 C:\WINNT\system32\PROMon.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-31 00:01]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
    "DelayShred"=c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\1E0PQIAK\TK58_1~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\1E0PQIAK\EARTH_~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\GMHLTEX7\DOWNLO~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\1E0PQIAK\SHIELD~1.SH!

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-10-31 21:39:46]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{25997E08-274A-4217-8F71-C89C754242C1}"= C:\WINNT\System32\khfedde.dll [2007-10-30 16:44 32256]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hanhngtz]
    hanhngtz.dll 2007-10-30 21:59 340032 C:\WINNT\system32\hanhngtz.dll

    R2 NMSSvc;Intel(R) NMS;C:\WINNT\System32\NMSSvc.exe
    R2 RioPNP;RioPNP;C:\WINNT\System32\drivers\RioPNP.sys
    R3 NMSCFG;NIC Management Service Configuration Driver;\??\C:\WINNT\System32\drivers\NMSCFG.SYS
    S3 BOCDRIVE;BOClean Kernel Monitor.;\??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys
    S3 PCDRDRV;Pcdr Helper Driver;\??\C:\Atf\Qctest\PCDoc\PCDRDRV.sys

    *Newly Created Service* - NMSSVC
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-26 17:58:09 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
    "2007-10-28 09:30:00 C:\WINNT\Tasks\ErrorKiller Scheduled Scan.job"
    "2007-11-01 03:41:22 C:\WINNT\Tasks\Norton Security Scan.job"
    - C:\Program Files\Norton Security Scan\Nss.exe
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-01 09:05:30
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-11-01 9:09:39 - machine was rebooted
    .
    --- E O F ---

    HijackThis log....

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:16:18 AM, on 11/1/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINNT\System32\NMSSvc.exe
    C:\WINNT\System32\SK9910DM.EXE
    C:\WINNT\GWMDMMSG.exe
    C:\WINNT\System32\PROMon.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINNT\System32\wuauclt.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINNT\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clubpogo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clubpogo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {25997E08-274A-4217-8F71-C89C754242C1} - C:\WINNT\System32\khfedde.dll
    O2 - BHO: 0 - {2AD17320-FC38-473F-26B4-8FD26817AEBD} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINNT\system32\hanhngtz.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINNT\system32\hanhngtz.dll
    O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\RunOnce: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\1E0PQIAK\TK58_1~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\1E0PQIAK\EARTH_~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\GMHLTEX7\DOWNLO~1.SH! C:\DOCUME~1\Owner\LOCALS~1\TEMPOR~1\Content.IE5\1E0PQIAK\SHIELD~1.SH!
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: www.pogo.com
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
    O20 - Winlogon Notify: hanhngtz - C:\WINNT\SYSTEM32\hanhngtz.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

    --
    End of file - 6357 bytes
     
  4. goodgirlzdont77

    goodgirlzdont77 Thread Starter

    Joined:
    Oct 31, 2007
    Messages:
    4
    So sorry...
    I found my question on page six with no response yet from a tech...

    Please help me!!
     
Short URL to this thread: https://techguy.org/646193