
Something Got Me...hijack Log Here!

Discussion in 'Virus & Other Malware Removal' started by topazbest, Jul 9, 2007.

Thread Status:
Not open for further replies.
  1. topazbest

    topazbest Thread Starter

    Joined:
    Aug 25, 2003
    Messages:
    620
    FOR THE LIFE OF ME, I CAN'T KEEP THE BUGS OUTTA THIS MACHINE....Here's a HIJACK LOG....see anything...and please some suggestions on what programs to run to stop these attacks! WILL DONATE AS USUAL!
    Logfile of HijackThis v1.99.1
    Scan saved at 8:59:51 AM, on 7/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\1148233256\ee\AOLSoftware.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\Program Files\Common Files\AOL\1148233256\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\svhost.exe
    C:\WINDOWS\retadpu1000106.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    C:\Program Files\WinPop\winpop.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
    C:\Program Files\America Online 9.0b\waol.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\1148233256\ee\aolsoftware.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\AOL\1148233256\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\AOL\1148233256\ee\SSCEvtHdlr.exe
    C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\America Online 9.0b\shellmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Quikbar\quikbar.exe
    C:\WINDOWS\retadpu77.exe
    C:\Program Files\poolsv\svhost.exe
    C:\WINDOWS\retadpu77.exe
    C:\WINDOWS\retadpu77.exe
    C:\WINDOWS\system32\o09PrEz\o09PrEz1099.exe
    C:\PROGRA~1\COMMON~1\ICROSO~1\wowexec.exe
    C:\Documents and Settings\Administrator\Application Data\?ppPatch\t?skmgr.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mlb.com/
    O2 - BHO: (no name) - {673D1A83-A260-FFBE-1263-FF8DB85484B8} - C:\WINDOWS\system32\rrjceut.dll
    O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xhelper.dll
    O2 - BHO: (no name) - {9cb5ee5a-bc19-42ea-9c33-f07d8085c8b5} - C:\WINDOWS\system32\ejcydkn.dll
    O2 - BHO: (no name) - {A8B7D027-D189-4FD1-BEFB-CF02DB81FC37} - C:\Program Files\MSN Gaming Zone\holem83122.dll
    O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\efccbbx.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148233256\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
    O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1148233256\ee\SSCRun.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1148233256\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
    O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu77.exe 61A847B5BBF72815358B2B27128065E9C084320161C4661227A755E9C2933154389A
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
    O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickBar] C:\Program Files\Quikbar\quikbar.exe
    O4 - HKCU\..\Run: [Osoa] "C:\PROGRA~1\COMMON~1\ICROSO~1\wowexec.exe" -vt yazb
    O4 - HKCU\..\Run: [Hngr] "C:\Documents and Settings\Administrator\Application Data\?ppPatch\t?skmgr.exe"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: efccbbx - C:\WINDOWS\SYSTEM32\efccbbx.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1148233256\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     
  2. topazbest

    topazbest Thread Starter

    Joined:
    Aug 25, 2003
    Messages:
    620
    Thought this might help..

    "Administrator" - 2007-07-09 9:33:56 - ComboFix 07-07-09.3 - Service Pack 2


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\awtqr.dll
    C:\WINDOWS\system32\ddcdcya.dll
    C:\WINDOWS\system32\mljjjkh.dll
    C:\WINDOWS\system32\msmldfyr.dll
    C:\WINDOWS\system32\pmkhf.dll
    C:\WINDOWS\system32\syrbuoct.dll
    C:\WINDOWS\system32\uuaeyerb.dll
    C:\WINDOWS\system32\ckrrbpmf.exe
    C:\WINDOWS\system32\ybiqpttb.exe
    C:\WINDOWS\system32\rqtwa.ini
    C:\WINDOWS\system32\ryfdlmsm.ini
    C:\WINDOWS\system32\fhkmp.bak1
    C:\WINDOWS\system32\fhkmp.ini
    C:\WINDOWS\system32\fhkmp.tmp
    C:\WINDOWS\system32\fhkmp.bak1
    C:\WINDOWS\system32\fhkmp.ini
    C:\WINDOWS\system32\efccbbx.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\ADMINI~1\APPLIC~1.\fnts~1
    C:\DOCUME~1\ADMINI~1\APPLIC~1.\pppatc~1
    C:\DOCUME~1\ADMINI~1\APPLIC~1.\pppatc~1\t?skmgr.exe
    C:\DOCUME~1\ADMINI~1\APPLIC~1.\winantispyware 2007
    C:\DOCUME~1\ADMINI~1\APPLIC~1.\winantispyware 2007\Logs\update.log
    C:\DOCUME~1\ADMINI~1\APPLIC~1.\wnsxs~1
    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
    C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
    C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\domains.txt
    C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\log.txt
    C:\Documents and Settings\ADMINI~1.\err.log
    C:\Program Files\Common Files\icroso~1
    C:\Program Files\Common Files\icroso~1\wowexec.exe
    C:\Program Files\Common Files\winantispyware 2007
    C:\Program Files\Common Files\winantispyware 2007\err.log
    C:\Program Files\Common Files\winantispyware 2007\uwas7cw.exe
    C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
    C:\Program Files\Common Files\Yazzle1549OinAdmin.exe
    C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
    C:\Program Files\inetget2\Installeur.exe
    C:\Program Files\MSN Gaming Zone\holem83122.dll
    C:\Program Files\outerinfo
    C:\Program Files\outerinfo\Terms.rtf
    C:\Program Files\poolsv
    C:\Program Files\poolsv\k11u72.exe
    C:\Program Files\poolsv\svhost.exe
    C:\Program Files\poolsv\WinAntiSpyware2007FreeInstall.exe
    C:\Program Files\poolsv\wr-1-0000077.exe
    C:\Program Files\poolsv\YazzleBundle-1549.exe
    C:\Program Files\svhost
    C:\Program Files\svhost\wr-1-0000077.exe
    C:\Program Files\web buying
    C:\Program Files\web buying\v1.7.8\wbuninst.exe
    C:\Program Files\web buying\v1.7.8\webbuying.exe
    C:\Program Files\Windows NT\lawugex.dll
    C:\Program Files\winpop
    C:\Program Files\winpop\UnInstall.exe
    C:\Program Files\winpop\winpop.exe
    C:\temp\0b9
    C:\temp\0b9\tmpTF.log
    C:\temp\iee
    C:\temp\iee\tmpZTF.log
    C:\temp\tn3
    C:\WINDOWS\2020search.dll
    C:\WINDOWS\7search.dll
    C:\WINDOWS\b122.exe
    C:\WINDOWS\b136.exe
    C:\WINDOWS\bjam.dll
    C:\WINDOWS\cdsm32.dll
    C:\WINDOWS\flt.dll
    C:\WINDOWS\mspphe.dll
    C:\WINDOWS\pbar.dll
    C:\WINDOWS\retadpu1000106.exe
    C:\WINDOWS\retadpu77.exe
    C:\WINDOWS\saiemod.dll
    C:\WINDOWS\salm.exe
    C:\WINDOWS\satmat.exe
    C:\WINDOWS\svhost.exe
    C:\WINDOWS\swin32.dll
    C:\WINDOWS\system32\drivers\core.cache.dsk
    C:\WINDOWS\system32\gtv_sd.bin
    C:\WINDOWS\system32\msixu.dll
    C:\WINDOWS\system32\o09PrEz
    C:\WINDOWS\system32\o09PrEz\o09PrEz1099.exe
    C:\WINDOWS\system32\rrjceut.dll
    C:\WINDOWS\system32\vxddsk.exe
    C:\WINDOWS\system32\wapisvsu32.exe
    C:\WINDOWS\system32\wer8274.dll
    C:\WINDOWS\system32\win
    C:\WINDOWS\system32\wml.exe
    C:\WINDOWS\system32\wnsxs~1
    C:\WINDOWS\updatetc.exe
    C:\WINDOWS\wml.exe
    C:\WINDOWS\wr.txt
    C:\WINDOWS\xmlhelper.dll
    C:\WINDOWS\xmlhelper2.dll
    C:\WINDOWS\ystem~1


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_CORE
    -------\core


    ((((((((((((((((((((((((( Files Created from 2007-06-09 to 2007-07-09 )))))))))))))))))))))))))))))))


    2007-07-09 09:09 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\WinTouch
    2007-07-09 08:53 <DIR> d-------- C:\Program Files\Quikbar
    2007-07-09 08:53 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\QuikBar
    2007-07-09 08:11 18,432 --a------ C:\WINDOWS\system32\drivers\ApiMon.sys
    2007-07-09 08:11 135,168 --a------ C:\WINDOWS\tk58.exe
    2007-07-09 08:10 172,032 --a------ C:\WINDOWS\system32\ejcydkn.dll
    2007-07-09 08:10 <DIR> d-------- C:\WINDOWS\system32\X9
    2007-07-09 08:10 <DIR> d-------- C:\WINDOWS\system32\X5
    2007-07-09 08:10 <DIR> d-------- C:\WINDOWS\system32\X4
    2007-07-09 08:10 <DIR> d-------- C:\WINDOWS\system32\X3
    2007-07-09 08:10 <DIR> d-------- C:\WINDOWS\system32\X2
    2007-07-09 05:54 273,408 --a------ C:\WINDOWS\b140.exe
    2007-07-08 12:20 126,976 --a------ C:\WINDOWS\xhelper.dll
    2007-07-03 09:42 22,016 --a------ C:\WINDOWS\b138.exe
    2007-06-27 15:06 <DIR> d-------- C:\Kaspersky
    2007-06-27 15:06 <DIR> d-------- C:\Bases
    2007-06-25 17:56 <DIR> d-------- C:\WINDOWS\iwkw
    2007-06-25 17:56 <DIR> d-------- C:\Program Files\Common Files\iwkw
    2007-06-25 17:41 <DIR> d--hs---- C:\WINDOWS\UkFZUw


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-09 14:41:25 -------- d-----w C:\Program Files\Windows NT
    2007-07-09 14:41:25 -------- d-----w C:\Program Files\MSN Gaming Zone
    2007-07-09 13:24:29 -------- d-----w C:\Program Files\SUPERAntiSpyware
    2007-06-30 01:50:59 -------- d-----w C:\Program Files\dvdSanta
    2007-06-27 12:33:54 -------- d-----w C:\Program Files\SlySoft
    2007-06-17 05:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe
    2007-06-06 14:18:43 -------- d-----w C:\Program Files\ewido anti-spyware 4.0
    2007-06-04 21:07:27 23,296 ----a-w C:\WINDOWS\vxddsk.exe
    2007-06-04 21:06:48 843,922 ----a-w C:\WINDOWS\system32\WinNB69.dll
    2007-06-04 21:06:28 14,390 ----a-w C:\syscoqt.exe
    2007-05-24 21:23:46 -------- d-----w C:\Program Files\QuickTime
    2007-05-24 21:16:08 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\Roxio
    2007-05-09 14:42:58 -------- d-----w C:\Program Files\Common Files\AOL
    2007-04-14 23:02:36 1,363,869 --sha-w C:\WINDOWS\system32\jmllm.bak1
    2007-04-13 17:31:03 103,984 ----a-w C:\WINDOWS\system32\AOLDial.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
    2007-07-08 12:20 126976 --a------ C:\WINDOWS\xhelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9cb5ee5a-bc19-42ea-9c33-f07d8085c8b5}]
    2007-07-09 08:10 172032 --a------ C:\WINDOWS\system32\ejcydkn.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HostManager"="C:\Program Files\Common Files\AOL\1148233256\ee\AOLSoftware.exe" [2006-09-25 19:52]
    "AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-05-21 12:41]
    "Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 16:33]
    "NWEReboot"="" []
    "sscRun"="C:\Program Files\Common Files\AOL\1148233256\ee\SSCRun.exe" [2007-01-25 16:34]
    "OASClnt"="C:\Program Files\mcafee.com\antivirus\oasclnt.exe" [2006-07-28 11:43]
    "EmailScan"="C:\Program Files\mcafee.com\antivirus\mcvsescn.exe" [2006-07-28 11:43]
    "MPFExe"="C:\Program Files\mcafee.com\personal firewall\MPfTray.exe" [2006-03-07 15:05]
    "USIUDF_Eject_Monitor"="C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe" [2004-12-23 17:27]
    "RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44]
    "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2004-06-27 21:33]
    "AOLSPScheduler"="C:\Program Files\Common Files\AOL\1148233256\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe" [2007-01-25 16:34]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-27 10:52]
    "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-06-27 07:34]
    "AOL Fast Start"="C:\Program Files\America Online 9.0b\AOL.exe" [2005-07-12 06:17]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 20:07]
    "QuickBar"="C:\Program Files\Quikbar\quikbar.exe" [2007-07-09 08:53]
    "Osoa"="C:\PROGRA~1\COMMON~1\ICROSO~1\wowexec.exe" []
    "Hngr"="C:\Documents and Settings\Administrator\Application Data\?ppPatch\t?skmgr.exe" []
    "WinTouch"="C:\Documents and Settings\Administrator\Application Data\WinTouch\WinTouch.exe" [2007-07-09 09:09]
    "SfKg6w"="C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\akgthsa.exe" [2007-07-09 09:09]

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= C:\Program Files\Windows NT\progyrtar.html
    FriendlyName=

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" [2006-06-16 09:38]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneDVDElbyDelay]
    "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckAnyDVD]
    "C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
    "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Quick-Drop]
    C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 4.0 Disc Creator\Ulead Quick-Drop 1.0\Quick-Drop.exe WINDOWCALL


    Contents of the 'Scheduled Tasks' folder
    2007-07-09 05:00:00 C:\WINDOWS\tasks\At1.job
    2007-07-09 14:00:00 C:\WINDOWS\tasks\At10.job
    2007-06-30 15:00:00 C:\WINDOWS\tasks\At11.job
    2007-07-08 16:00:00 C:\WINDOWS\tasks\At12.job
    2007-07-08 17:00:00 C:\WINDOWS\tasks\At13.job
    2007-07-08 18:00:00 C:\WINDOWS\tasks\At14.job
    2007-07-08 18:59:59 C:\WINDOWS\tasks\At15.job
    2007-07-08 20:00:00 C:\WINDOWS\tasks\At16.job
    2007-07-08 21:00:00 C:\WINDOWS\tasks\At17.job
    2007-07-08 22:00:00 C:\WINDOWS\tasks\At18.job
    2007-07-08 23:00:09 C:\WINDOWS\tasks\At19.job
    2007-07-09 06:00:00 C:\WINDOWS\tasks\At2.job
    2007-07-09 00:00:00 C:\WINDOWS\tasks\At20.job
    2007-07-09 01:00:00 C:\WINDOWS\tasks\At21.job
    2007-07-09 02:00:01 C:\WINDOWS\tasks\At22.job
    2007-07-09 03:00:00 C:\WINDOWS\tasks\At23.job
    2007-07-09 04:00:00 C:\WINDOWS\tasks\At24.job
    2007-07-09 05:00:00 C:\WINDOWS\tasks\At25.job
    2007-07-09 06:00:00 C:\WINDOWS\tasks\At26.job
    2007-07-09 07:00:00 C:\WINDOWS\tasks\At27.job
    2007-07-09 08:00:00 C:\WINDOWS\tasks\At28.job
    2007-07-09 09:00:00 C:\WINDOWS\tasks\At29.job
    2007-07-09 07:00:00 C:\WINDOWS\tasks\At3.job
    2007-07-09 10:00:00 C:\WINDOWS\tasks\At30.job
    2007-07-09 11:00:00 C:\WINDOWS\tasks\At31.job
    2007-07-09 12:00:00 C:\WINDOWS\tasks\At32.job
    2007-07-09 13:00:00 C:\WINDOWS\tasks\At33.job
    2007-07-09 14:00:00 C:\WINDOWS\tasks\At34.job
    2007-06-30 15:00:00 C:\WINDOWS\tasks\At35.job
    2007-07-08 16:00:00 C:\WINDOWS\tasks\At36.job
    2007-07-08 17:00:00 C:\WINDOWS\tasks\At37.job
    2007-07-08 18:00:00 C:\WINDOWS\tasks\At38.job
    2007-07-08 19:00:00 C:\WINDOWS\tasks\At39.job
    2007-07-09 08:00:00 C:\WINDOWS\tasks\At4.job
    2007-07-08 20:00:00 C:\WINDOWS\tasks\At40.job
    2007-07-08 21:00:00 C:\WINDOWS\tasks\At41.job
    2007-07-08 22:00:00 C:\WINDOWS\tasks\At42.job
    2007-07-08 23:00:12 C:\WINDOWS\tasks\At43.job
    2007-07-09 00:00:00 C:\WINDOWS\tasks\At44.job
    2007-07-09 01:00:00 C:\WINDOWS\tasks\At45.job
    2007-07-09 02:00:02 C:\WINDOWS\tasks\At46.job
    2007-07-09 03:00:01 C:\WINDOWS\tasks\At47.job
    2007-07-09 04:00:00 C:\WINDOWS\tasks\At48.job
    2007-07-09 09:00:00 C:\WINDOWS\tasks\At5.job
    2007-07-09 10:00:00 C:\WINDOWS\tasks\At6.job
    2007-07-09 11:00:00 C:\WINDOWS\tasks\At7.job
    2007-07-09 12:00:00 C:\WINDOWS\tasks\At8.job
    2007-07-09 13:00:00 C:\WINDOWS\tasks\At9.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-09 09:47:38
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    QuickBar = C:\Program Files\Quikbar\quikbar.exe?D

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-09 9:49:37 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-09 09:49
    C:\ComboFix2.txt ... 2007-06-06 19:44

    --- E O F ---
     

Short URL to this thread: https://techguy.org/593585
