
need help with a hijack log

Discussion in 'Virus & Other Malware Removal' started by replay, Oct 31, 2007.

Thread Status:
Not open for further replies.
  1. replay

    replay Thread Starter

    Joined:
    Aug 12, 2003
    Messages:
    5,536
    Trying to help a friend out with his infected computer; have deleted what I know in Add & Remove Programs, also ran Ad-Aware, Spybot, CCleaner.
    His computer is NOT hooked up to the net, so I will have to load any progs and thumb-drive them to his system..... thx .... he does have AVG antivirus (not sure why it didn't show with 04 startup).

    Logfile of HijackThis v1.99.1
    Scan saved at 8:55:40 PM, on 10/30/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\csrss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINNT\explorer.exe
    C:\Program Files\Grisoft\AVG Free\avgcc.exe
    C:\Program Files\Grisoft\AVG Free\avgwb.dat
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m5/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    O2 - BHO: IE - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
    O2 - BHO: (no name) - {293DC58B-63B3-4BFA-BC37-56609A4C9F65} - C:\WINNT\system32\compobjr.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: (no name) - {D85018E8-040B-4225-A060-C1F98F97D00F} - c:\winnt\system32\ctl3dv2q.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
    O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .m4p: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
    O15 - Trusted Zone: *.whataboutadog.com
    O15 - Trusted Zone: *.whataboutarabit.com
    O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} - http://activex.microsoft.com/objects/ocget.dll
    O16 - DPF: {01118400-3E00-11D2-8470-0060089874ED} - http://activex.microsoft.com/objects/ocget.dll
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128576105078
    O20 - AppInit_DLLs:
    O20 - Winlogon Notify: vktoxrpl - C:\WINNT\SYSTEM32\ctl3dv2q.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Fax Service (Fax) - Unknown owner - C:\WINNT\system32\faxsvc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINNT\system32\drivers\KodakCCS.exe (file missing)
     
  2. replay

    replay Thread Starter

  3. replay

    replay Thread Starter

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 10/31/2007 at 09:35 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3259
    Trace Rules Database Version: 1270

    Scan type : Complete Scan
    Total Scan Time : 00:21:29

    Memory items scanned : 285
    Memory threats detected : 0
    Registry items scanned : 5426
    Registry threats detected : 79
    File items scanned : 21142
    File threats detected : 44

    Unclassified.Unknown Origin
    HKLM\Software\Classes\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
    HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
    HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
    HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}#AppID
    HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}\InprocServer32
    HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}\InprocServer32#ThreadingModel
    HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}\ProgID
    HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}\Programmable
    HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}\TypeLib
    HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}\VersionIndependentProgID
    C:\PROGRAM FILES\WINBUDGET\BIN\MATRIX.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}

    Adware.Qoologic/QoolAid
    HKCR\Folder\shellex\columnhandlers\{CE3A44D8-BC88-4D62-A890-42D96245F8D6}

    Trojan.WinAntiSpyware/WinAntiVirus 2006/2007
    C:\WINNT\system32\drivers\uwasfsd.sys

    Adware.HotBar/SpamBlockerUtility (Low Risk)
    C:\Documents and Settings\Administrator\Application Data\SpamBlocker
    C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1\btntrans.idx
    C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1
    C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static
    C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility
    C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility\v3.0
    C:\Documents and Settings\Administrator\Application Data\SpamBlockerUtility
    HKLM\Software\SpamBlockerUtility
    HKLM\Software\SpamBlockerUtility\Hotbar
    HKLM\Software\SpamBlockerUtility\Hotbar\Install
    HKLM\Software\SpamBlockerUtility\Hotbar\Install#StartInstall
    HKLM\Software\SpamBlockerUtility\SpamBlockerUtility
    HKLM\Software\SpamBlockerUtility\SpamBlockerUtility\PI
    HKLM\Software\SpamBlockerUtility\SpamBlockerUtility\PI\3.2
    HKLM\Software\SpamBlockerUtility\SpamBlockerUtility\PI\3.2#PID00

    Adware.Elite Media
    HKLM\Software\elite
    HKLM\Software\elite#check
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\elitemediagroup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\elitemediagroup#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\elitemediagroup#UninstallString
    HKCR\Interface\{EFDFE6EE-8888-422E-AB3C-B48589338AE3}
    HKCR\Interface\{EFDFE6EE-8888-422E-AB3C-B48589338AE3}\ProxyStubClsid
    HKCR\Interface\{EFDFE6EE-8888-422E-AB3C-B48589338AE3}\ProxyStubClsid32
    HKCR\Interface\{EFDFE6EE-8888-422E-AB3C-B48589338AE3}\TypeLib
    HKCR\Interface\{EFDFE6EE-8888-422E-AB3C-B48589338AE3}\TypeLib#Version
    C:\WINNT\elitemediagroup.ini
    C:\WINNT\em06y.ini
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22319F8-2163-4FD2-A5FF-F2655C27CF3D}\RP5\A0004508.INF

    Adware.MediaMotor
    C:\WINNT\System32\safe.tlb

    Malware.Ultimate Defender
    C:\Documents and Settings\Administrator\Application Data\Ultimate Defender\logs\1159548091.log
    C:\Documents and Settings\Administrator\Application Data\Ultimate Defender\logs\1159893647.log
    C:\Documents and Settings\Administrator\Application Data\Ultimate Defender\logs\1159980075.log
    C:\Documents and Settings\Administrator\Application Data\Ultimate Defender\logs\1160067876.log
    C:\Documents and Settings\Administrator\Application Data\Ultimate Defender\logs\1160152938.log
    C:\Documents and Settings\Administrator\Application Data\Ultimate Defender\logs\1160498508.log
    C:\Documents and Settings\Administrator\Application Data\Ultimate Defender\logs
    C:\Documents and Settings\Administrator\Application Data\Ultimate Defender

    Malware.SystemDoctor
    C:\Documents and Settings\Administrator\Application Data\SystemDoctor 2006 Free\Logs\update.log
    C:\Documents and Settings\Administrator\Application Data\SystemDoctor 2006 Free\Logs
    C:\Documents and Settings\Administrator\Application Data\SystemDoctor 2006 Free
    C:\WINNT\DOWNLOADED PROGRAM FILES\USDR6_0001_D19M2108NETINSTALLER.EXE

    Adware.Zango Toolbar/Hb
    HKCR\TypeLib\{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}
    HKCR\TypeLib\{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}\1.0
    HKCR\TypeLib\{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}\1.0\0
    HKCR\TypeLib\{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}\1.0\0\win32
    HKCR\TypeLib\{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}\1.0\FLAGS
    HKCR\TypeLib\{5937CD7F-1C0B-41E1-9075-60EBDF3C7D34}\1.0\HELPDIR
    HKCR\Interface\{031CBF6A-C70E-4177-A0D4-C5268EE311FB}
    HKCR\Interface\{031CBF6A-C70E-4177-A0D4-C5268EE311FB}\ProxyStubClsid
    HKCR\Interface\{031CBF6A-C70E-4177-A0D4-C5268EE311FB}\ProxyStubClsid32
    HKCR\Interface\{031CBF6A-C70E-4177-A0D4-C5268EE311FB}\TypeLib
    HKCR\Interface\{031CBF6A-C70E-4177-A0D4-C5268EE311FB}\TypeLib#Version
    HKCR\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A}
    HKCR\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A}\ProxyStubClsid
    HKCR\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A}\ProxyStubClsid32
    HKCR\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A}\TypeLib
    HKCR\Interface\{85E06077-C824-43D0-A8DC-5EFB17BC348A}\TypeLib#Version
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22319F8-2163-4FD2-A5FF-F2655C27CF3D}\RP5\A0004454.DLL

    Adware.eZula/BannerRotator
    HKCR\Interface\{BA2A20E0-2476-43BB-BCC8-BFEE2419B293}
    HKCR\Interface\{BA2A20E0-2476-43BB-BCC8-BFEE2419B293}\ProxyStubClsid
    HKCR\Interface\{BA2A20E0-2476-43BB-BCC8-BFEE2419B293}\ProxyStubClsid32
    HKCR\Interface\{BA2A20E0-2476-43BB-BCC8-BFEE2419B293}\TypeLib
    HKCR\Interface\{BA2A20E0-2476-43BB-BCC8-BFEE2419B293}\TypeLib#Version
    HKCR\Interface\{D0C1545E-61E1-40D5-8F8C-37D4E7758275}
    HKCR\Interface\{D0C1545E-61E1-40D5-8F8C-37D4E7758275}\ProxyStubClsid
    HKCR\Interface\{D0C1545E-61E1-40D5-8F8C-37D4E7758275}\ProxyStubClsid32
    HKCR\Interface\{D0C1545E-61E1-40D5-8F8C-37D4E7758275}\TypeLib
    HKCR\Interface\{D0C1545E-61E1-40D5-8F8C-37D4E7758275}\TypeLib#Version

    Adware.AdRotate/System
    HKCR\TypeLib\{FDB10602-AA12-4E76-AAE2-2B328A3E950A}
    HKCR\TypeLib\{FDB10602-AA12-4E76-AAE2-2B328A3E950A}\1.0
    HKCR\TypeLib\{FDB10602-AA12-4E76-AAE2-2B328A3E950A}\1.0\0
    HKCR\TypeLib\{FDB10602-AA12-4E76-AAE2-2B328A3E950A}\1.0\0\win32
    HKCR\TypeLib\{FDB10602-AA12-4E76-AAE2-2B328A3E950A}\1.0\FLAGS
    HKCR\TypeLib\{FDB10602-AA12-4E76-AAE2-2B328A3E950A}\1.0\HELPDIR

    Adware.AdSponsor
    HKCR\AppId\{73364D99-1240-4dff-B12A-67E448373148}

    Trojan.VideoCach/Gen
    HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}
    HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0
    HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\0
    HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\0\win32
    HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\FLAGS
    HKCR\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}\1.0\HELPDIR
    HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}
    HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid
    HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\ProxyStubClsid32
    HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib
    HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91}\TypeLib#Version
    HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}
    HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid
    HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\ProxyStubClsid32
    HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib
    HKCR\Interface\{9692BE2F-EB8F-49D9-A11C-C24C1EF734D5}\TypeLib#Version

    Parasite.CoolWebSearch Variant
    C:\PROGRAM FILES\HIJACKTHIS\BACKUPS\BACKUP-20060416-220244-711.DLL

    Trojan.Downloader/Ezula-CrytpoCore
    C:\PROGRAM FILES\HIJACKTHIS\BACKUPS\BACKUP-20061019-165656-842.DLL
    C:\WINNT\SYSTEM32\NSQ4.DLL

    Adware.180solutions/ZangoSearch
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22319F8-2163-4FD2-A5FF-F2655C27CF3D}\RP5\A0004460.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22319F8-2163-4FD2-A5FF-F2655C27CF3D}\RP5\A0004464.EXE

    Adware.Zango
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22319F8-2163-4FD2-A5FF-F2655C27CF3D}\RP5\A0004465.DLL

    Trojan.Services/Inet
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22319F8-2163-4FD2-A5FF-F2655C27CF3D}\RP5\A0004467.EXE

    Trojan.Unknown Origin
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22319F8-2163-4FD2-A5FF-F2655C27CF3D}\RP5\A0004522.EXE
    C:\WINNT\ELITEUNSTALL.EXE
    C:\WINNT\TEMPF.TXT
    C:\WINNT\UNINST2.HTM
    C:\WINNT\UNIST1.HTM

    Adware.ClickSpring/Outer Info Network
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{C22319F8-2163-4FD2-A5FF-F2655C27CF3D}\RP5\A0004523.EXE

    Malware.DriveCleaner
    C:\WINNT\DOWNLOADED PROGRAM FILES\UDC6_0001_D19M1908NETINSTALLER.EXE

    Trojan.WinAntiSpyware/WinAntiVirus 2006
    C:\WINNT\DOWNLOADED PROGRAM FILES\UWA6P_0001_N91M1807NETINSTALLER.EXE

    Adware.Unknown Origin
    C:\WINNT\SYSTEM32\ALGKP7MD.ALS

    Trojan.Downloader-PMTLauncher
    C:\WINNT\SYSTEM32\YMVTZMO.EXE

    Trojan.ThisELT
    C:\WINNT\THISELT.EXE




    combo log

    ComboFix 07-10-29.1 - Administrator 2007-10-31 9:56:27.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.243 [GMT -8:00]
    Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\.protected
    C:\Documents and Settings\Administrator\Application Data.\Ultimate Cleaner
    C:\Documents and Settings\Administrator\err.log
    C:\Documents and Settings\Administrator\www.google.com\favicon.ico
    C:\Documents and Settings\Administrator\www.google.com\index.html
    C:\Documents and Settings\Administrator\www.google.com\thank.html
    C:\Program Files\screensavers.com
    C:\Program Files\screensavers.com\SSSInst\bin\SSSInst.dll
    C:\Program Files\screensavers.com\SSSInst\bin\SSSUninst.exe
    C:\Program Files\screensavers.com\Wallpaper\Mexico.jpg
    C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
    C:\Program Files\WinBudget
    C:\Program Files\WinBudget\bin\crap.1166560474.old
    C:\Program Files\WinBudget\bin\crap.1166766393.old
    C:\Program Files\WinBudget\bin\crap.1191361628.old
    C:\Program Files\WinBudget\bin\crap.1191993083.old
    C:\Program Files\WinBudget\bin\crap.1192413404.old
    C:\Program Files\WinBudget\bin\crap.1193179640.old
    C:\Program Files\WinBudget\bin\matrix.dll.1166766392.old
    C:\Program Files\WinBudget\bin\matrix.dll.1191361628.old
    C:\Program Files\WinBudget\bin\matrix.dll.1191993082.old
    C:\Program Files\WinBudget\bin\matrix.dll.1192413404.old
    C:\Program Files\WinBudget\bin\matrix.dll.1193179639.old
    C:\WINNT\justin.exe
    C:\WINNT\system32\_000219_.tmp.dll
    C:\WINNT\system32\_000220_.tmp.dll
    C:\WINNT\system32\_000223_.tmp.dll
    C:\WINNT\system32\ctl3dv2q.dll
    C:\WINNT\system32\drivers\cvroizgs.dat
    C:\WINNT\system32\drivers\etc\.protected
    C:\WINNT\system32\drivers\etc\hosts.tim
    C:\WINNT\system32\drivers\npf.sys
    C:\WINNT\system32\drivers\xocpwnnv.dat
    C:\WINNT\system32\info.txt
    C:\WINNT\system32\Packet.dll
    C:\WINNT\system32\ppatch~1
    C:\WINNT\system32\pthreadVC.dll
    C:\WINNT\system32\qpr6smcd2.exe
    C:\WINNT\system32\WanPacket.dll
    C:\WINNT\system32\wpcap.dll
    C:\WINNT\Tasks.\At73.job

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_HYSHXCJT
    -------\LEGACY_NPF
    -------\LEGACY_NWSAPAGENT
    -------\LEGACY_VROTGOKM
    -------\hyshxcjt
    -------\NPF
    -------\NwSapAgent
    -------\vrotgokm




    ((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-31 )))))))))))))))))))))))))))))))
    .

    2007-10-31 09:47 51,200 --a------ C:\WINNT\NirCmd.exe
    2007-10-31 09:11 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-10-31 09:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-10-31 09:11 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    2007-10-31 09:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-10-30 20:26 <DIR> d-------- C:\Program Files\CCleaner
    2007-10-24 10:04 5,120 --a------ C:\WINNT\system32\drivers\ysdnqpmn.dat
    2007-10-23 23:10 118,528 --a------ C:\WINNT\system32\wpovhdbp.dat
    2007-10-23 23:10 41,728 --a------ C:\WINNT\system32\pygmwtid.dat
    2007-10-23 23:10 34,560 --a------ C:\WINNT\system32\vyifjmhh.dat
    2007-10-23 23:03 93,184 --a------ C:\WINNT\system32\compobjr.dll
    2007-10-06 21:56 <DIR> d----c--- C:\WINNT\system32\DRVSTORE
    2007-10-06 21:56 <DIR> d-------- C:\Program Files\Common Files\Apple
    2007-10-06 21:56 <DIR> d-------- C:\Program Files\Apple Software Update
    2007-10-06 21:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2007-10-06 21:56 30,336 --a------ C:\WINNT\system32\drivers\usbaapl.sys
    2007-09-23 19:14 184,320 --a------ C:\WINNT\system32\rksnQsIv.dll
    2007-09-21 17:14 184,320 --a------ C:\WINNT\system32\T256wJyr.dll
    2007-09-06 23:12 184,320 --a------ C:\WINNT\system32\6Pn8suKV.dll
    2007-09-05 21:12 184,320 --a------ C:\WINNT\system32\yS1hh5OD.dll
    2007-09-03 21:48 24,128 --a------ C:\WINNT\system32\Wlt4UdWL.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-31 06:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVG7
    2007-10-31 04:48 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
    2007-10-31 04:32 --------- d---a-w C:\Program Files\ewido anti-malware
    2007-10-31 04:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-31 03:30 --------- d-----w C:\Program Files\LimeWire
    2007-10-31 03:30 --------- d-----w C:\Program Files\Cakewalk
    2007-10-24 07:05 359,040 ----a-w C:\WINNT\system32\drivers\tcpip.sys
    2007-10-16 04:14 --------- d--h--w C:\Documents and Settings\Administrator\Application Data\Move Networks
    2007-10-07 16:00 --------- d-----w C:\Program Files\iTunes
    2007-10-07 06:12 --------- d-----w C:\Program Files\iPod
    2007-10-07 05:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-10-07 05:58 --------- d-----w C:\Program Files\QuickTime
    2007-10-02 21:38 27,664 ----a-w C:\WINNT\system32\vjxtmrcn10386921.exe
    2007-09-29 15:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
    2006-03-06 03:28 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
    2006-03-06 02:56 7,737,688 ----a-w C:\Program Files\ewido-setup.exe
    2006-03-01 02:46 2,855,080 ----a-w C:\Program Files\aawsepersonal.exe
    2006-02-19 02:29 36,526,792 ----a-w C:\Program Files\iTunesSetup.exe
    2005-10-06 07:13 558,240 ----a-w C:\Program Files\GoogleToolbarInstaller.exe
    2005-10-06 05:25 602,688 ----a-w C:\Program Files\SP4Express_EN.exe
    2005-10-06 02:16 271 --sh--w C:\Program Files\desktop.ini
    2005-10-06 02:16 21,952 ---ha-w C:\Program Files\folder.htt
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{293DC58B-63B3-4BFA-BC37-56609A4C9F65}]
    1856-12-31 17:00 93184 --a------ C:\WINNT\system32\compobjr.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="C:\WINNT\system32\mobsync.exe" [1856-12-31 17:00]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @="Driver"

    S3 hide_evr2;!!!!;\??\C:\WINNT\hide_evr2.sys
    S3 IP100;IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver;C:\WINNT\system32\DRIVERS\ipfnd5.sys
    S3 RDID1009;EDIROL UM-1;C:\WINNT\system32\Drivers\rdwm1009.sys
    S3 rrau0003;rrau0003;C:\WINNT\system32\Drivers\rrau0003.sys
    S3 rrwd0003;rrwd0003;C:\WINNT\system32\Drivers\rrwd0003.sys
    S3 US122;US122 Driver;C:\WINNT\system32\Drivers\US122.sys
    S3 US122DL;US122 Firmware Downloader;C:\WINNT\system32\Drivers\US122DL.sys
    S3 Us122WdmService;US122 Wdm Audio;C:\WINNT\system32\Drivers\US122Wdm.sys
    S3 USBAAPL;Apple Mobile USB Driver;C:\WINNT\system32\Drivers\usbaapl.sys
    S3 usbhub20;USB Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    DcomLaunch DcomLaunch

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{406a7820-4af3-11dc-bc50-0008a18f71e3}]
    AutoRun\command - E:\system\viewer\Viewer.exe
    View your videos\command - E:\system\viewer\Viewer.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-07 05:57:15 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-10-24 07:00:00 C:\WINNT\Tasks\At1.job"
    - C:\WINNT\system32\32k28TvN.exe
    "2007-10-31 17:00:00 C:\WINNT\Tasks\At10.job"
    - C:\WINNT\system32\32k28TvN.exe
    "2007-10-23 17:00:00 C:\WINNT\Tasks\At11.job"
    - C:\WINNT\system32\32k28TvN.exe
    "2007-10-17 18:00:00 C:\WINNT\Tasks\At12.job"
    - C:\WINNT\system32\32k28TvN.exe
    "2007-10-25 19:00:00 C:\WINNT\Tasks\At13.job"
    - C:\WINNT\system32\32k28TvN.exe
    "2007-10-29 21:00:00 C:\WINNT\Tasks\At14.job"
    - C:\WINNT\system32\32k28TvN.exe
    "2007-10-22 21:00:00 C:\WINNT\Tasks\At15.job"
    - C:\WINNT\system32\32k28TvN.exe
    "2007-10-30 23:00:00 C:\WINNT\Tasks\At16.job"
    "2007-10-31 00:00:00 C:\WINNT\Tasks\At17.job"
    - C:\WINNT\system32\32k28TvN.exe
    "2007-10-26 00:00:00 C:\WINNT\Tasks\At18.job"
    - C:\WINNT\system32\32k28TvN.exe
    "2007-10-28 01:00:00 C:\WINNT\Tasks\At19.job"
    - C:\WINNT\system32\32k28TvN.exe
    "2007-10-16 08:00:00 C:\WINNT\Tasks\At2.job"
    - C:\WINNT\system32\32k28TvN.exe
    "2007-10-27 02:00:00 C:\WINNT\Tasks\At20.job"
    - C:\WINNT\system32\32k28TvN.exe
    "2007-10-31 04:00:03 C:\WINNT\Tasks\At21.job"
    - C:\WINNT\system32\32k28TvN.exe
    "2007-10-31 05:00:00 C:\WINNT\Tasks\At22.job"
    - C:\WINNT\system32\32k28TvN.exe
    "2007-10-23 05:00:00 C:\WINNT\Tasks\At23.job"
    - C:\WINNT\system32\32k28TvN.exe
    "2007-10-31 07:00:00 C:\WINNT\Tasks\At24.job"
    - C:\WINNT\system32\32k28TvN.exe
    "2007-10-24 07:00:00 C:\WINNT\Tasks\At25.job"
    - C:\WINNT\system32\a4ROWSfx.exe
    "2007-10-16 08:00:00 C:\WINNT\Tasks\At26.job"
    - C:\WINNT\system32\a4ROWSfx.exe
    "2007-10-16 09:00:00 C:\WINNT\Tasks\At27.job"
    - C:\WINNT\system32\a4ROWSfx.exe
    "2007-09-16 10:00:00 C:\WINNT\Tasks\At28.job"
    - C:\WINNT\system32\a4ROWSfx.exe
    "2007-08-29 04:19:30 C:\WINNT\Tasks\At29.job"
    - C:\WINNT\system32\a4ROWSfx.exe
    "2007-10-16 09:00:00 C:\WINNT\Tasks\At3.job"
    - C:\WINNT\system32\32k28TvN.exe
    "2007-08-29 04:19:30 C:\WINNT\Tasks\At30.job"
    - C:\WINNT\system32\a4ROWSfx.exe
    "2007-08-29 04:19:30 C:\WINNT\Tasks\At31.job"
    - C:\WINNT\system32\a4ROWSfx.exe
    "2007-09-29 14:00:00 C:\WINNT\Tasks\At32.job"
    - C:\WINNT\system32\a4ROWSfx.exe
    "2007-09-29 15:00:00 C:\WINNT\Tasks\At33.job"
    - C:\WINNT\system32\a4ROWSfx.exe
    "2007-10-31 17:00:00 C:\WINNT\Tasks\At34.job"
    - C:\WINNT\system32\a4ROWSfx.exe
    "2007-10-23 17:00:00 C:\WINNT\Tasks\At35.job"
    - C:\WINNT\system32\a4ROWSfx.exe
    "2007-10-17 18:00:00 C:\WINNT\Tasks\At36.job"
    - C:\WINNT\system32\a4ROWSfx.exe
    "2007-10-25 19:00:00 C:\WINNT\Tasks\At37.job"
    - C:\WINNT\system32\a4ROWSfx.exe
    "2007-10-29 21:00:00 C:\WINNT\Tasks\At38.job"
    - C:\WINNT\system32\a4ROWSfx.exe
    "2007-10-22 21:00:00 C:\WINNT\Tasks\At39.job"
    - C:\WINNT\system32\a4ROWSfx.exe
    "2007-09-16 10:00:00 C:\WINNT\Tasks\At4.job"
    - C:\WINNT\system32\32k28TvN.exe
    "2007-10-30 23:00:00 C:\WINNT\Tasks\At40.job"
    - C:\WINNT\system32\a4ROWSfx.exe
    "2007-10-31 00:00:00 C:\WINNT\Tasks\At41.job"
    - C:\WINNT\system32\a4ROWSfx.exe
    "2007-10-26 00:00:00 C:\WINNT\Tasks\At42.job"
    - C:\WINNT\system32\a4ROWSfx.exe
    "2007-10-28 01:00:00 C:\WINNT\Tasks\At43.job"
    - C:\WINNT\system32\a4ROWSfx.exe
    "2007-10-27 02:00:00 C:\WINNT\Tasks\At44.job"
    - C:\WINNT\system32\a4ROWSfx.exe
    "2007-10-31 04:00:05 C:\WINNT\Tasks\At45.job"
    - C:\WINNT\system32\a4ROWSfx.exe
    "2007-10-31 05:00:00 C:\WINNT\Tasks\At46.job"
    - C:\WINNT\system32\a4ROWSfx.exe
    "2007-10-23 05:00:00 C:\WINNT\Tasks\At47.job"
    - C:\WINNT\system32\a4ROWSfx.exe
    "2007-10-31 07:00:00 C:\WINNT\Tasks\At48.job"
    - C:\WINNT\system32\a4ROWSfx.exe
    "2007-10-24 07:01:01 C:\WINNT\Tasks\At49.job"
    "2007-06-25 11:00:00 C:\WINNT\Tasks\At5.job"
    - C:\WINNT\system32\32k28TvN.exe
    "2007-10-16 08:01:00 C:\WINNT\Tasks\At50.job"
    "2007-10-16 09:01:01 C:\WINNT\Tasks\At51.job"
    "2007-09-16 14:47:08 C:\WINNT\Tasks\At52.job"
    - C:\WINNT\system32\Wlt4UdWL.exe
    "2007-09-04 05:48:10 C:\WINNT\Tasks\At53.job"
    - C:\WINNT\system32\Wlt4UdWL.exe
    "2007-09-04 05:48:10 C:\WINNT\Tasks\At54.job"
    - C:\WINNT\system32\Wlt4UdWL.exe
    "2007-09-04 05:48:10 C:\WINNT\Tasks\At55.job"
    - C:\WINNT\system32\Wlt4UdWL.exe
    "2007-09-29 14:01:50 C:\WINNT\Tasks\At56.job"
    - C:\WINNT\system32\Wlt4UdWL.exe
    "2007-09-29 15:01:05 C:\WINNT\Tasks\At57.job"
    "2007-10-31 17:10:51 C:\WINNT\Tasks\At58.job"
    "2007-10-23 17:01:41 C:\WINNT\Tasks\At59.job"
    "2007-06-28 12:00:00 C:\WINNT\Tasks\At6.job"
    - C:\WINNT\system32\32k28TvN.exe
    "2007-10-17 18:01:56 C:\WINNT\Tasks\At60.job"
    "2007-10-25 19:01:49 C:\WINNT\Tasks\At61.job"
    "2007-10-29 21:01:34 C:\WINNT\Tasks\At62.job"
    "2007-10-22 21:01:00 C:\WINNT\Tasks\At63.job"
    "2007-10-30 23:01:47 C:\WINNT\Tasks\At64.job"
    "2007-10-31 00:03:00 C:\WINNT\Tasks\At65.job"
    "2007-10-26 00:01:39 C:\WINNT\Tasks\At66.job"
    "2007-10-28 01:01:39 C:\WINNT\Tasks\At67.job"
    "2007-10-27 02:03:00 C:\WINNT\Tasks\At68.job"
    "2007-10-31 04:01:57 C:\WINNT\Tasks\At69.job"
    "2007-05-17 17:01:17 C:\WINNT\Tasks\At7.job"
    - C:\WINNT\system32\32k28TvN.exe
    "2007-10-31 05:01:02 C:\WINNT\Tasks\At70.job"
    "2007-10-23 05:01:35 C:\WINNT\Tasks\At71.job"
    "2007-10-31 16:54:24 C:\WINNT\Tasks\At72.job"
    "2007-09-29 14:00:01 C:\WINNT\Tasks\At8.job"
    - C:\WINNT\system32\32k28TvN.exe
    "2007-09-29 15:00:01 C:\WINNT\Tasks\At9.job"
    - C:\WINNT\system32\32k28TvN.exe
    "2007-10-24 07:52:02 C:\WINNT\Tasks\{CCC2D53A-A992-4A0F-903A-F8EA366C3F51}_MARIO-485PCNBU4_Administrator.job"
    .
    **************************************************************************

    catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-31 09:57:56
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-31 9:58:34
    .
    --- E O F ---
     
  4. replay

    replay Thread Starter

    Reloaded Windows............
     
Short URL to this thread: https://techguy.org/645780