
spyware, ad.yeldmanager.com, searchingbooth.com.. windows explorer hijack

Discussion in 'Virus & Other Malware Removal' started by szary, Nov 6, 2006.

Thread Status:
Not open for further replies.
  1. szary

    szary Thread Starter

    Joined:
    Nov 6, 2006
    Messages:
    2
    Hi,
    I've got infected by some badass spyware :/ As far as I can say, it attaches itself somehow to Windows Explorer and tries to open some websites (searchingbooth.com, media.top-banners.com). And, of course, I have some popups on my desktop (attached somehow behind the desktop icons...).

    Here is my ComboFix log:

    szary - 06-11-06 23:26:36,54 Dodatek Service Pack 2
    ComboFix 06.10.19 - Running from: "C:\Program Files\Opera"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    Folders Quarantined:

    C:\QooBox\Purity\Documents and Settings\szary\Dane aplikacji\CURITY~1
    C:\QooBox\Purity\Documents and Settings\szary\Moje dokumenty\SSEMBL~1
    C:\QooBox\Purity\Documents and Settings\szary\Moje dokumenty\TSKS~1
    C:\QooBox\Purity\Program Files\ASEMBL~1
    C:\QooBox\Purity\Program Files\Common Files\ICROSO~1
    C:\QooBox\Purity\Program Files\Common Files\WNSXS~1
    C:\QooBox\Purity\Program Files\Common Files\YSTEM3~1
    C:\QooBox\Purity\WINDOWS\SSEMBL~1
    C:\QooBox\Purity\WINDOWS\WNSXS~1
    C:\QooBox\Purity\WINDOWS\system32\ASKS~1
    C:\QooBox\Purity\WINDOWS\system32\PPATCH~1
    C:\QooBox\Purity\WINDOWS\system32\SCURIT~1


    ((((((((((((((((((((((((((((((( Files Created from 2006-10-06 to 2006-11-06 ))))))))))))))))))))))))))))))))))


    2006-11-06 01:31 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2006-10-18 23:05 42,496 --------- C:\WINDOWS\system32\wpdshextres.dll
    2006-10-17 13:33 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll
    2006-10-17 13:33 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
    2006-10-17 13:33 458,752 --------- C:\WINDOWS\system32\msfeeds.dll
    2006-10-17 13:33 180,736 --------- C:\WINDOWS\system32\ieui.dll
    2006-10-17 13:05 206,336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
    2006-10-17 12:58 61,952 --------- C:\WINDOWS\system32\icardie.dll
    2006-10-17 12:58 12,288 --------- C:\WINDOWS\system32\msfeedssync.exe
    2006-10-17 12:57 266,752 --------- C:\WINDOWS\system32\iertutil.dll
    2006-10-17 12:27 380,928 --------- C:\WINDOWS\system32\ieapfltr.dll
    2006-10-16 23:32 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
    2006-10-14 10:49 2,180,096 --a------ C:\WINDOWS\system32\drivers\lvsvf2.sys
    2006-10-14 10:45 90,112 --a------ C:\WINDOWS\system32\LQCUI2.dll
    2006-10-14 10:45 856,064 --a------ C:\WINDOWS\system32\Ltwvc12n.dll
    2006-10-14 10:45 78,336 --a------ C:\WINDOWS\system32\lffax12n.dll
    2006-10-14 10:45 53,248 -ra------ C:\WINDOWS\system32\InstMed.exe
    2006-10-14 10:45 466,944 --a------ C:\WINDOWS\system32\QCUI2.dll
    2006-10-14 10:45 462,848 --a------ C:\WINDOWS\system32\LCamCpl.dll
    2006-10-14 10:45 406,016 --a------ C:\WINDOWS\system32\ltkrn12n.dll
    2006-10-14 10:45 372,736 --a------ C:\WINDOWS\system32\LVUI2RC.dll
    2006-10-14 10:45 328,704 --a------ C:\WINDOWS\system32\LFCMP12n.DLL
    2006-10-14 10:45 30,720 --a------ C:\WINDOWS\system32\lfbmp12n.dll
    2006-10-14 10:45 259,072 --a------ C:\WINDOWS\system32\LTDIS12n.dll
    2006-10-14 10:45 22,016 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
    2006-10-14 10:45 215,552 --a------ C:\WINDOWS\system32\Lvkrn12n.dll
    2006-10-14 10:45 211,712 --a------ C:\WINDOWS\system32\drivers\LV561AV.SYS
    2006-10-14 10:45 207,872 --a------ C:\WINDOWS\system32\ltefx12n.dll
    2006-10-14 10:45 204,800 --a------ C:\WINDOWS\system32\LVUI2.dll
    2006-10-14 10:45 204,800 --a------ C:\WINDOWS\system32\LVCodec2.dll
    2006-10-14 10:45 164,864 --a------ C:\WINDOWS\system32\ltimg12n.dll
    2006-10-14 10:45 141,312 --a------ C:\WINDOWS\system32\lftif12n.dll
    2006-10-14 10:45 131,072 --a------ C:\WINDOWS\system32\ltfil12n.DLL
    2006-10-14 10:45 106,496 --a------ C:\WINDOWS\system32\lvcoinst.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-11-06 23:40 -------- d-------- C:\Program Files\Common Files
    2006-11-06 23:38 -------- d-a------ C:\Program Files\MadEdit
    2006-11-06 23:25 -------- d-------- C:\Program Files\Opera
    2006-11-06 23:23 -------- d-------- C:\Documents and Settings\szary\Dane aplikacji\The Bat!
    2006-11-06 19:49 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-11-06 19:31 -------- d-------- C:\Program Files\DC++
    2006-11-06 17:53 -------- d-------- C:\Documents and Settings\szary\Dane aplikacji\Ethereal
    2006-11-06 16:42 -------- d-------- C:\Program Files\Ethereal
    2006-11-06 16:41 -------- d-------- C:\Program Files\WinPcap
    2006-11-06 16:38 -------- d-------- C:\Documents and Settings\szary\Dane aplikacji\NotesHolder
    2006-11-06 16:31 -------- d-------- C:\Program Files\Visual Assist X
    2006-11-06 15:03 -------- d-------- C:\Documents and Settings\szary\Dane aplikacji\Jetico Personal Firewall
    2006-11-06 14:57 -------- d-------- C:\Program Files\Jetico
    2006-11-06 02:46 -------- d-------- C:\Program Files\CleanUp!
    2006-11-06 01:50 -------- d-------- C:\Program Files\Mozilla Sunbird
    2006-11-06 01:31 -------- d-------- C:\Program Files\Grisoft
    2006-11-06 01:29 -------- d-------- C:\Documents and Settings\szary\Dane aplikacji\Skype
    2006-11-05 22:04 -------- d-------- C:\Program Files\foobar2000
    2006-11-05 14:41 -------- d-------- C:\Program Files\WinRAR
    2006-11-05 14:30 -------- d-------- C:\Program Files\NetMeeting
    2006-11-05 14:30 -------- d-------- C:\Program Files\Internet Explorer
    2006-11-05 02:10 -------- d-------- C:\Program Files\Java
    2006-11-05 02:07 -------- d-------- C:\Program Files\Common Files\Java
    2006-11-04 21:31 -------- d-------- C:\Program Files\AXE3
    2006-11-03 01:59 -------- d-------- C:\Program Files\Mozilla Thunderbird
    2006-11-03 01:43 -------- d-------- C:\Documents and Settings\szary\Dane aplikacji\Thunderbird
    2006-11-03 01:43 -------- d-------- C:\Documents and Settings\szary\Dane aplikacji\Mozilla
    2006-11-03 01:42 -------- d-------- C:\Documents and Settings\szary\Dane aplikacji\Talkback
    2006-11-03 00:11 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-11-03 00:11 -------- d-------- C:\Program Files\LizardTech
    2006-11-02 13:23 -------- d-------- C:\Program Files\Replay Solutions
    2006-10-31 12:37 -------- d-------- C:\Program Files\Windows Media Player
    2006-10-31 12:37 -------- d-------- C:\Program Files\Windows Media Connect 2
    2006-10-29 23:30 -------- d-------- C:\Program Files\Serv-U
    2006-10-25 00:51 -------- d-------- C:\Program Files\Konnekt
    2006-10-24 23:47 -------- d-------- C:\Program Files\Windows Defender
    2006-10-24 22:49 -------- d-------- C:\Program Files\Gadu-Gadu
    2006-10-24 12:34 3 --a------ C:\CONFIG.SYS
    2006-10-23 23:29 -------- d-------- C:\Program Files\XML Notepad 2006
    2006-10-23 23:24 -------- d-------- C:\Program Files\Winamp
    2006-10-23 00:36 -------- d-------- C:\Program Files\Common Files\Borland Shared
    2006-10-22 23:12 -------- d-------- C:\Documents and Settings\szary\Dane aplikacji\Borland
    2006-10-22 22:59 -------- d-------- C:\Program Files\Borland
    2006-10-20 01:21 -------- d-------- C:\Program Files\Microsoft Visual Studio 8
    2006-10-20 01:04 -------- d-------- C:\Program Files\Autodesk
    2006-10-20 01:03 -------- d-------- C:\Program Files\Common Files\Autodesk Shared
    2006-10-18 22:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
    2006-10-18 22:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
    2006-10-18 22:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
    2006-10-18 22:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
    2006-10-18 22:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
    2006-10-18 22:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
    2006-10-18 22:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
    2006-10-18 22:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
    2006-10-18 22:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
    2006-10-18 22:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
    2006-10-18 22:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
    2006-10-18 22:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
    2006-10-18 22:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
    2006-10-18 22:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
    2006-10-18 22:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
    2006-10-18 22:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
    2006-10-18 22:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
    2006-10-18 22:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
    2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
    2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
    2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
    2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
    2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
    2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
    2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
    2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
    2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
    2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
    2006-10-18 22:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
    2006-10-18 22:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
    2006-10-18 22:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
    2006-10-18 22:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
    2006-10-18 22:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
    2006-10-18 22:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
    2006-10-18 22:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
    2006-10-18 22:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
    2006-10-18 22:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
    2006-10-18 22:47 284160 --a------ C:\WINDOWS\system32\portabledeviceapi.dll
    2006-10-18 22:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
    2006-10-18 22:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
    2006-10-18 22:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
    2006-10-18 22:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
    2006-10-18 22:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
    2006-10-18 22:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
    2006-10-18 22:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
    2006-10-18 22:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
    2006-10-18 22:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
    2006-10-18 22:47 222208 --a------ C:\WINDOWS\system32\WMASF.dll
    2006-10-18 22:47 212992 --------- C:\WINDOWS\system32\MFPLAT.dll
    2006-10-18 22:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
    2006-10-18 22:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
    2006-10-18 22:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
    2006-10-18 22:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
    2006-10-18 22:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
    2006-10-18 22:47 166912 --a------ C:\WINDOWS\system32\portabledevicetypes.dll
    2006-10-18 22:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
    2006-10-18 22:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
    2006-10-18 22:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
    2006-10-18 22:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
    2006-10-18 22:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
    2006-10-18 22:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
    2006-10-18 22:47 133632 --a------ C:\WINDOWS\system32\wpdshserviceobj.dll
    2006-10-18 22:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
    2006-10-18 22:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
    2006-10-18 22:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
    2006-10-18 22:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
    2006-10-18 22:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
    2006-10-18 22:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
    2006-10-18 21:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
    2006-10-18 21:00 38528 --a------ C:\WINDOWS\system32\drivers\wpdusb.sys
    2006-10-18 21:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
    2006-10-18 21:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
    2006-10-17 19:20 -------- d-------- C:\Program Files\IDM Computer Solutions
    2006-10-17 19:19 -------- d-------- C:\Documents and Settings\szary\Dane aplikacji\IDMComp
    2006-10-17 13:33 413696 --a------ C:\WINDOWS\system32\vbscript.dll
    2006-10-17 13:33 231424 --a------ C:\WINDOWS\system32\webcheck.dll
    2006-10-17 13:33 156160 --a------ C:\WINDOWS\system32\msls31.dll
    2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
    2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
    2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
    2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
    2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
    2006-10-17 13:01 71680 --a------ C:\WINDOWS\system32\admparse.dll
    2006-10-17 13:01 55296 --a------ C:\WINDOWS\system32\iesetup.dll
    2006-10-17 13:01 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2006-10-17 13:01 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
    2006-10-17 13:01 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
    2006-10-17 13:01 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
    2006-10-17 13:00 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2006-10-17 13:00 43008 --a------ C:\WINDOWS\system32\iernonce.dll
    2006-10-17 13:00 123904 --a------ C:\WINDOWS\system32\advpack.dll
    2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
    2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
    2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
    2006-10-17 12:23 161792 --a------ C:\WINDOWS\system32\ieakui.dll
    2006-10-15 11:59 -------- d-------- C:\Program Files\AGEIA Technologies
    2006-10-14 10:45 -------- d-------- C:\Program Files\Logitech
    2006-10-14 10:45 -------- d-------- C:\Program Files\Common Files\Logitech
    2006-10-14 01:23 -------- d-------- C:\Program Files\UltraVNC
    2006-10-13 13:30 -------- d-------- C:\Program Files\Common Files\SystemRequirementsLab
    2006-10-13 11:27 -------- d-------- C:\Program Files\Flex
    2006-10-09 20:55 -------- d-------- C:\Program Files\The Bat!
    2006-10-03 21:07 -------- d-------- C:\Program Files\BitComet
    2006-10-02 15:28 312128 --------- C:\WINDOWS\system32\msdelta.dll
    2006-09-28 20:13 95344 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
    2006-09-28 19:00 82944 --------- C:\WINDOWS\system32\drivers\WudfRd.sys
    2006-09-28 18:56 55808 --------- C:\WINDOWS\system32\WudfSvc.dll
    2006-09-28 18:56 316416 --------- C:\WINDOWS\system32\WUDFx.dll
    2006-09-28 18:56 165376 --------- C:\WINDOWS\system32\WudfPlatform.dll
    2006-09-28 18:56 146432 --------- C:\WINDOWS\system32\WudfHost.exe
    2006-09-28 18:55 77568 --------- C:\WINDOWS\system32\drivers\WudfPf.sys
    2006-09-26 09:25 -------- d-------- C:\Program Files\TortoiseSVN
    2006-09-25 17:58 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2006-09-22 10:59 -------- d-------- C:\Program Files\ATI
    2006-09-22 10:54 -------- d-------- C:\Program Files\NVIDIA Corporation
    2006-09-22 08:23 -------- d-------- C:\Program Files\Regmon
    2006-09-19 20:31 -------- d-------- C:\Program Files\GameSpy Arcade
    2006-09-14 10:28 -------- d-------- C:\Documents and Settings\szary\Dane aplikacji\ISTool
    2006-09-13 06:07 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
    2006-09-09 19:22 -------- d-------- C:\Program Files\GetRight
    2006-09-06 10:08 -------- d-------- C:\Program Files\Windows PowerShell
    2006-08-30 21:33 531760 --a------ C:\WINDOWS\GenuineCheck.exe
    2006-08-25 16:51 617472 --a------ C:\WINDOWS\system32\comctl32.dll
    2006-08-21 13:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
    2006-08-16 12:59 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "nwiz"="nwiz.exe /install"
    "AGRSMMSG"="AGRSMMSG.exe"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "FinePrint Dispatcher v5"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\fpdisp5a.exe\" /source=HKLM"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
    "JeticoPFStartup"="\"C:\\Program Files\\Jetico\\Jetico Personal Firewall\\fwsrv.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="C:\\Program Files\\NetMeeting\\kyfevyt.html"
    "SubscribedURL"=""
    "FriendlyName"=""
    "Flags"=dword:00002000
    "Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
    03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
    "CurrentState"=dword:40000001
    "OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
    00,00,01,00,00,00
    "RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
    "Source"="C:\\Program Files\\Internet Explorer\\hocysorur.html"
    "SubscribedURL"=""
    "FriendlyName"=""
    "Flags"=dword:00002000
    "Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
    03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
    "CurrentState"=dword:40000001
    "OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
    00,00,01,00,00,00
    "RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
    "Source"="C:\\WINDOWS\\system32\\ad.html"
    "SubscribedURL"=""
    "FriendlyName"=""
    "Flags"=dword:00002000
    "Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ec,\
    03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
    "CurrentState"=dword:40000001
    "OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
    00,00,01,00,00,40
    "RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Moja bieżąca strona główna"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,b6,01,00,00,00,00,00,00,4a,02,00,00,ea,02,00,00,ee,\
    03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=dword:40000004
    "OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,ea,02,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,ea,02,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Moduł wstępnego ładowania interfejsu Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Demon buforu kategorii składników"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cleanup]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKLM"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iconcache]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="icon"
    "hkey"="HKLM"
    "command"="c:\\windows\\vcp_temp\\iconcache\\icon.bat"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ISStart"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="LogiTray"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="LVCOMSX"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "mi-raysat_3dsmax9_32"=dword:00000002

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    to be continued...
     
  2. szary

    szary Thread Starter

    Joined:
    Nov 6, 2006
    Messages:
    2
    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20061105-160437-388
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (file missing)
    backup-20061105-160325-129
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    backup-20061105-160325-828
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    backup-20061105-160325-887
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    backup-20061105-160325-704
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    backup-20061105-160325-786
    O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    backup-20061105-160325-961
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    backup-20061105-160325-765
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    backup-20061105-160325-942
    O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    backup-20061105-160324-484
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    backup-20061105-160324-244
    O2 - BHO: (no name) - {655BF241-3DA1-4CCA-B7BB-748BE83242B3} - C:\WINDOWS\system32\mpr32.dll
    backup-20061105-155824-306
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
    backup-20061105-150943-432
    O2 - BHO: (no name) - {F35A6518-9B9B-4B8B-98B1-737C5CB91677} - C:\Program Files\Messenger\howejecuw.dll
    backup-20061105-150943-162
    O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
    backup-20061105-150943-382
    R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
    backup-20061105-150943-842
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    backup-20061105-150132-678
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWFyaXVzeiBTenluYWxpaw\command.exe (file missing)
    backup-20061105-144801-108
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWFyaXVzeiBTenluYWxpaw\command.exe
    backup-20061105-144751-922
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    backup-20061105-144751-761
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    backup-20061105-144751-658
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    backup-20061105-144751-562
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    backup-20061105-144751-472
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    backup-20061105-144751-429
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWFyaXVzeiBTenluYWxpaw\command.exe
    backup-20061105-144751-263
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    backup-20061105-144751-295
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    backup-20061105-144751-818
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    backup-20061105-144013-477
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    backup-20061105-144013-161
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    backup-20061105-144013-954
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWFyaXVzeiBTenluYWxpaw\command.exe
    backup-20061105-144013-545
    O4 - HKLM\..\Run: [defender] c:\\dfndrff_e49.exe
    backup-20061105-144013-278
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    backup-20061105-144013-641
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
    backup-20061105-144013-744
    O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_e49.exe
    backup-20061105-144013-456
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    backup-20061105-144013-413
    O4 - HKLM\..\Run: [newname] c:\\nwnmff_e49.exe
    backup-20061105-144013-406
    O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
    backup-20061105-144013-308
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    backup-20061105-144013-611
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    backup-20061105-144013-529
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    backup-20061024-212441-510
    O4 - HKCU\..\Run: [Aiou] "C:\DOCUME~1\szary\MOJEDO~1\PPATCH~1\wucrtupd.exe" -vt mt
    backup-20061024-144657-423
    O4 - HKLM\..\Run: [Windows Update Alert] "C:\WINDOWS\system32\winalert.exe"
    backup-20061024-135710-244
    O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\temp\wincss323584.exe
    backup-20061024-135206-228
    O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\temp\wincss323584.exe
    backup-20061024-135030-886
    O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\temp\wincss323584.exe
    backup-20061024-135017-135
    O4 - HKCU\..\Run: [Winstw] C:\WINDOWS\temp\wincss3216384.exe
    backup-20061024-135017-345
    O4 - HKCU\..\Run: [Winstk] C:\WINDOWS\temp\wincss3216384.exe
    backup-20061024-135017-293
    O4 - HKCU\..\Run: [Winsti] C:\WINDOWS\temp\wincss3216384.exe
    backup-20061024-135017-531
    O4 - HKCU\..\Run: [Winste] C:\WINDOWS\temp\wincss3216384.exe
    backup-20061024-135017-376
    O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\temp\wincss323584.exe
    backup-20060523-015321-776
    O4 - HKLM\..\Run: [defender] C:\\defender21.exe

    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    Completion time: 06-11-06 23:43:12.42
    C:\ComboFix.txt ... 06-11-06 23:43

    Please help....
     

Short URL to this thread: https://techguy.org/516085
