Something Got Me...hijack Log Here!


topazbest

FOR THE LIFE OF ME, I CAN'T KEEP THE BUGS OUTTA THIS MACHINE....Here's a HIJACK LOG....see anything...and please some suggestions on what programs to run to stop these attacks! WILL DONATE AS USUAL!
Logfile of HijackThis v1.99.1
Scan saved at 8:59:51 AM, on 7/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\1148233256\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Common Files\AOL\1148233256\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\svhost.exe
C:\WINDOWS\retadpu1000106.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\WinPop\winpop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\1148233256\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1148233256\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\AOL\1148233256\ee\SSCEvtHdlr.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Quikbar\quikbar.exe
C:\WINDOWS\retadpu77.exe
C:\Program Files\poolsv\svhost.exe
C:\WINDOWS\retadpu77.exe
C:\WINDOWS\retadpu77.exe
C:\WINDOWS\system32\o09PrEz\o09PrEz1099.exe
C:\PROGRA~1\COMMON~1\ICROSO~1\wowexec.exe
C:\Documents and Settings\Administrator\Application Data\?ppPatch\t?skmgr.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mlb.com/
O2 - BHO: (no name) - {673D1A83-A260-FFBE-1263-FF8DB85484B8} - C:\WINDOWS\system32\rrjceut.dll
O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xhelper.dll
O2 - BHO: (no name) - {9cb5ee5a-bc19-42ea-9c33-f07d8085c8b5} - C:\WINDOWS\system32\ejcydkn.dll
O2 - BHO: (no name) - {A8B7D027-D189-4FD1-BEFB-CF02DB81FC37} - C:\Program Files\MSN Gaming Zone\holem83122.dll
O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\efccbbx.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148233256\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1148233256\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1148233256\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickBar] C:\Program Files\Quikbar\quikbar.exe
O4 - HKCU\..\Run: [Osoa] "C:\PROGRA~1\COMMON~1\ICROSO~1\wowexec.exe" -vt yazb
O4 - HKCU\..\Run: [Hngr] "C:\Documents and Settings\Administrator\Application Data\?ppPatch\t?skmgr.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: efccbbx - C:\WINDOWS\SYSTEM32\efccbbx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1148233256\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 

topazbest

Thought this might help..

"Administrator" - 2007-07-09 9:33:56 - ComboFix 07-07-09.3 - Service Pack 2


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\ddcdcya.dll
C:\WINDOWS\system32\mljjjkh.dll
C:\WINDOWS\system32\msmldfyr.dll
C:\WINDOWS\system32\pmkhf.dll
C:\WINDOWS\system32\syrbuoct.dll
C:\WINDOWS\system32\uuaeyerb.dll
C:\WINDOWS\system32\ckrrbpmf.exe
C:\WINDOWS\system32\ybiqpttb.exe
C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\ryfdlmsm.ini
C:\WINDOWS\system32\fhkmp.bak1
C:\WINDOWS\system32\fhkmp.ini
C:\WINDOWS\system32\fhkmp.tmp
C:\WINDOWS\system32\fhkmp.bak1
C:\WINDOWS\system32\fhkmp.ini
C:\WINDOWS\system32\efccbbx.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ADMINI~1\APPLIC~1.\fnts~1
C:\DOCUME~1\ADMINI~1\APPLIC~1.\pppatc~1
C:\DOCUME~1\ADMINI~1\APPLIC~1.\pppatc~1\t?skmgr.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ADMINI~1\APPLIC~1.\winantispyware 2007\Logs\update.log
C:\DOCUME~1\ADMINI~1\APPLIC~1.\wnsxs~1
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\domains.txt
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\log.txt
C:\Documents and Settings\ADMINI~1.\err.log
C:\Program Files\Common Files\icroso~1
C:\Program Files\Common Files\icroso~1\wowexec.exe
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\uwas7cw.exe
C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
C:\Program Files\Common Files\Yazzle1549OinAdmin.exe
C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
C:\Program Files\inetget2\Installeur.exe
C:\Program Files\MSN Gaming Zone\holem83122.dll
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\poolsv
C:\Program Files\poolsv\k11u72.exe
C:\Program Files\poolsv\svhost.exe
C:\Program Files\poolsv\WinAntiSpyware2007FreeInstall.exe
C:\Program Files\poolsv\wr-1-0000077.exe
C:\Program Files\poolsv\YazzleBundle-1549.exe
C:\Program Files\svhost
C:\Program Files\svhost\wr-1-0000077.exe
C:\Program Files\web buying
C:\Program Files\web buying\v1.7.8\wbuninst.exe
C:\Program Files\web buying\v1.7.8\webbuying.exe
C:\Program Files\Windows NT\lawugex.dll
C:\Program Files\winpop
C:\Program Files\winpop\UnInstall.exe
C:\Program Files\winpop\winpop.exe
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\2020search.dll
C:\WINDOWS\7search.dll
C:\WINDOWS\b122.exe
C:\WINDOWS\b136.exe
C:\WINDOWS\bjam.dll
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\flt.dll
C:\WINDOWS\mspphe.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\retadpu1000106.exe
C:\WINDOWS\retadpu77.exe
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\satmat.exe
C:\WINDOWS\svhost.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\o09PrEz
C:\WINDOWS\system32\o09PrEz\o09PrEz1099.exe
C:\WINDOWS\system32\rrjceut.dll
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wapisvsu32.exe
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\system32\win
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\updatetc.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\wr.txt
C:\WINDOWS\xmlhelper.dll
C:\WINDOWS\xmlhelper2.dll
C:\WINDOWS\ystem~1


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\core


((((((((((((((((((((((((( Files Created from 2007-06-09 to 2007-07-09 )))))))))))))))))))))))))))))))


2007-07-09 09:09 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch
2007-07-09 08:53 <DIR> d-------- C:\Program Files\Quikbar
2007-07-09 08:53 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\QuikBar
2007-07-09 08:11 18,432 --a------ C:\WINDOWS\system32\drivers\ApiMon.sys
2007-07-09 08:11 135,168 --a------ C:\WINDOWS\tk58.exe
2007-07-09 08:10 172,032 --a------ C:\WINDOWS\system32\ejcydkn.dll
2007-07-09 08:10 <DIR> d-------- C:\WINDOWS\system32\X9
2007-07-09 08:10 <DIR> d-------- C:\WINDOWS\system32\X5
2007-07-09 08:10 <DIR> d-------- C:\WINDOWS\system32\X4
2007-07-09 08:10 <DIR> d-------- C:\WINDOWS\system32\X3
2007-07-09 08:10 <DIR> d-------- C:\WINDOWS\system32\X2
2007-07-09 05:54 273,408 --a------ C:\WINDOWS\b140.exe
2007-07-08 12:20 126,976 --a------ C:\WINDOWS\xhelper.dll
2007-07-03 09:42 22,016 --a------ C:\WINDOWS\b138.exe
2007-06-27 15:06 <DIR> d-------- C:\Kaspersky
2007-06-27 15:06 <DIR> d-------- C:\Bases
2007-06-25 17:56 <DIR> d-------- C:\WINDOWS\iwkw
2007-06-25 17:56 <DIR> d-------- C:\Program Files\Common Files\iwkw
2007-06-25 17:41 <DIR> d--hs---- C:\WINDOWS\UkFZUw


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-09 14:41:25 -------- d-----w C:\Program Files\Windows NT
2007-07-09 14:41:25 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-07-09 13:24:29 -------- d-----w C:\Program Files\SUPERAntiSpyware
2007-06-30 01:50:59 -------- d-----w C:\Program Files\dvdSanta
2007-06-27 12:33:54 -------- d-----w C:\Program Files\SlySoft
2007-06-17 05:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe
2007-06-06 14:18:43 -------- d-----w C:\Program Files\ewido anti-spyware 4.0
2007-06-04 21:07:27 23,296 ----a-w C:\WINDOWS\vxddsk.exe
2007-06-04 21:06:48 843,922 ----a-w C:\WINDOWS\system32\WinNB69.dll
2007-06-04 21:06:28 14,390 ----a-w C:\syscoqt.exe
2007-05-24 21:23:46 -------- d-----w C:\Program Files\QuickTime
2007-05-24 21:16:08 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\Roxio
2007-05-09 14:42:58 -------- d-----w C:\Program Files\Common Files\AOL
2007-04-14 23:02:36 1,363,869 --sha-w C:\WINDOWS\system32\jmllm.bak1
2007-04-13 17:31:03 103,984 ----a-w C:\WINDOWS\system32\AOLDial.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
2007-07-08 12:20 126976 --a------ C:\WINDOWS\xhelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9cb5ee5a-bc19-42ea-9c33-f07d8085c8b5}]
2007-07-09 08:10 172032 --a------ C:\WINDOWS\system32\ejcydkn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="C:\Program Files\Common Files\AOL\1148233256\ee\AOLSoftware.exe" [2006-09-25 19:52]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-05-21 12:41]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 16:33]
"NWEReboot"="" []
"sscRun"="C:\Program Files\Common Files\AOL\1148233256\ee\SSCRun.exe" [2007-01-25 16:34]
"OASClnt"="C:\Program Files\mcafee.com\antivirus\oasclnt.exe" [2006-07-28 11:43]
"EmailScan"="C:\Program Files\mcafee.com\antivirus\mcvsescn.exe" [2006-07-28 11:43]
"MPFExe"="C:\Program Files\mcafee.com\personal firewall\MPfTray.exe" [2006-03-07 15:05]
"USIUDF_Eject_Monitor"="C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe" [2004-12-23 17:27]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2004-06-27 21:33]
"AOLSPScheduler"="C:\Program Files\Common Files\AOL\1148233256\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe" [2007-01-25 16:34]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-27 10:52]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-06-27 07:34]
"AOL Fast Start"="C:\Program Files\America Online 9.0b\AOL.exe" [2005-07-12 06:17]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 20:07]
"QuickBar"="C:\Program Files\Quikbar\quikbar.exe" [2007-07-09 08:53]
"Osoa"="C:\PROGRA~1\COMMON~1\ICROSO~1\wowexec.exe" []
"Hngr"="C:\Documents and Settings\Administrator\Application Data\?ppPatch\t?skmgr.exe" []
"WinTouch"="C:\Documents and Settings\Administrator\Application Data\WinTouch\WinTouch.exe" [2007-07-09 09:09]
"SfKg6w"="C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\akgthsa.exe" [2007-07-09 09:09]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Windows NT\progyrtar.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" [2006-06-16 09:38]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneDVDElbyDelay]
"C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckAnyDVD]
"C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
"C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Quick-Drop]
C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator\Ulead Quick-Drop 1.0\Quick-Drop.exe WINDOWCALL


Contents of the 'Scheduled Tasks' folder
2007-07-09 05:00:00 C:\WINDOWS\tasks\At1.job
2007-07-09 14:00:00 C:\WINDOWS\tasks\At10.job
2007-06-30 15:00:00 C:\WINDOWS\tasks\At11.job
2007-07-08 16:00:00 C:\WINDOWS\tasks\At12.job
2007-07-08 17:00:00 C:\WINDOWS\tasks\At13.job
2007-07-08 18:00:00 C:\WINDOWS\tasks\At14.job
2007-07-08 18:59:59 C:\WINDOWS\tasks\At15.job
2007-07-08 20:00:00 C:\WINDOWS\tasks\At16.job
2007-07-08 21:00:00 C:\WINDOWS\tasks\At17.job
2007-07-08 22:00:00 C:\WINDOWS\tasks\At18.job
2007-07-08 23:00:09 C:\WINDOWS\tasks\At19.job
2007-07-09 06:00:00 C:\WINDOWS\tasks\At2.job
2007-07-09 00:00:00 C:\WINDOWS\tasks\At20.job
2007-07-09 01:00:00 C:\WINDOWS\tasks\At21.job
2007-07-09 02:00:01 C:\WINDOWS\tasks\At22.job
2007-07-09 03:00:00 C:\WINDOWS\tasks\At23.job
2007-07-09 04:00:00 C:\WINDOWS\tasks\At24.job
2007-07-09 05:00:00 C:\WINDOWS\tasks\At25.job
2007-07-09 06:00:00 C:\WINDOWS\tasks\At26.job
2007-07-09 07:00:00 C:\WINDOWS\tasks\At27.job
2007-07-09 08:00:00 C:\WINDOWS\tasks\At28.job
2007-07-09 09:00:00 C:\WINDOWS\tasks\At29.job
2007-07-09 07:00:00 C:\WINDOWS\tasks\At3.job
2007-07-09 10:00:00 C:\WINDOWS\tasks\At30.job
2007-07-09 11:00:00 C:\WINDOWS\tasks\At31.job
2007-07-09 12:00:00 C:\WINDOWS\tasks\At32.job
2007-07-09 13:00:00 C:\WINDOWS\tasks\At33.job
2007-07-09 14:00:00 C:\WINDOWS\tasks\At34.job
2007-06-30 15:00:00 C:\WINDOWS\tasks\At35.job
2007-07-08 16:00:00 C:\WINDOWS\tasks\At36.job
2007-07-08 17:00:00 C:\WINDOWS\tasks\At37.job
2007-07-08 18:00:00 C:\WINDOWS\tasks\At38.job
2007-07-08 19:00:00 C:\WINDOWS\tasks\At39.job
2007-07-09 08:00:00 C:\WINDOWS\tasks\At4.job
2007-07-08 20:00:00 C:\WINDOWS\tasks\At40.job
2007-07-08 21:00:00 C:\WINDOWS\tasks\At41.job
2007-07-08 22:00:00 C:\WINDOWS\tasks\At42.job
2007-07-08 23:00:12 C:\WINDOWS\tasks\At43.job
2007-07-09 00:00:00 C:\WINDOWS\tasks\At44.job
2007-07-09 01:00:00 C:\WINDOWS\tasks\At45.job
2007-07-09 02:00:02 C:\WINDOWS\tasks\At46.job
2007-07-09 03:00:01 C:\WINDOWS\tasks\At47.job
2007-07-09 04:00:00 C:\WINDOWS\tasks\At48.job
2007-07-09 09:00:00 C:\WINDOWS\tasks\At5.job
2007-07-09 10:00:00 C:\WINDOWS\tasks\At6.job
2007-07-09 11:00:00 C:\WINDOWS\tasks\At7.job
2007-07-09 12:00:00 C:\WINDOWS\tasks\At8.job
2007-07-09 13:00:00 C:\WINDOWS\tasks\At9.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-09 09:47:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
QuickBar = C:\Program Files\Quikbar\quikbar.exe?D

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-09 9:49:37 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-09 09:49
C:\ComboFix2.txt ... 2007-06-06 19:44

--- E O F ---
 