PC Help Forum - Free Computer Help, Windows, Hardware, Software and more!
   
 
Become a Member Today!
Search PC Help Forum for Answers
 
Go Back   PC Help Forum - Free Computer Help, Windows, Hardware, Software and more! > Security & Safety > Spyware / AdWare > [Fixed] Hijackthis! Logs
Reload this Page hijackthis log
[Fixed] Hijackthis! Logs - hijackthis log posted in the Spyware / AdWare forums; everytime i get iexplore.exe coming everytime in taskmanager->process how do i remove it heres the log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at ...

REGISTER NOW to remove these Ads

Reply
Page 1 of 2 1 2 >
 
LinkBack Thread Tools Display Modes Language
  #1  
Old 4 Weeks Ago
hunt120's Avatar
Bronze Member
  
Posts: 17
PC Experience: PC Illiterate
hunt120 - See this Members User comments on their Profile page
Default hijackthis log
everytime i get iexplore.exe coming everytime in taskmanager->process how do i remove it heres the log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:37 PM, on 4/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Tales of Pirates
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Customize Your Settings
O2 - BHO: CEventSink Class - {B7154C4D-87C0-4A2C-AB64-DA132BAC2EE6} - C:\Program Files\Hotspot Shield\AnchorFree\ie\AFBho.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\OMAX 2\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {36A4B20A-2B75-4101-86CE-F9B03CA4B91C} (DownStarter Control) - http://bgweb.nowcdn.co.kr/bin/DownStarter.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F65AD81-957F-40B6-A813-432AD32A8C03}: NameServer = 192.168.0.2,192.168.0.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProgramCheckerPro (sassvc) - Unknown owner - C:\Program Files\Zenturi\ProgramChecker\sassvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8380 bytes
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Spurl this Post!Reddit! Wong this Post!
  #2  
Old 4 Weeks Ago
Pancake's Avatar
Senior Security Analyst
  
Posts: 1,620
PC Experience: Elite PC Guru
Location: Victoria, Australia
Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page
Default Re: hijackthis log
iexplore.exe is ment to run in Taskmanager.

__________________
  • An Australian Member of
  • and
My real name is Eddy
Last edited by Pancake : 4 Weeks Ago at 01:09 AM.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Spurl this Post!Reddit! Wong this Post!
  #3  
Old 4 Weeks Ago
hunt120's Avatar
Bronze Member
  
Posts: 17
PC Experience: PC Illiterate
hunt120 - See this Members User comments on their Profile page
Default Re: hijackthis log
no but iexplore.exe is not coming up only the process is showing plus after i end process but it still appears after 20 mins why plz check hijackthis log.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Spurl this Post!Reddit! Wong this Post!
  #4  
Old 4 Weeks Ago
Pancake's Avatar
Senior Security Analyst
  
Posts: 1,620
PC Experience: Elite PC Guru
Location: Victoria, Australia
Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page
Default Re: hijackthis log
There is nothing wrong with your log.Its normal...all fine.

__________________
  • An Australian Member of
  • and
My real name is Eddy
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Spurl this Post!Reddit! Wong this Post!
  #5  
Old 4 Weeks Ago
hunt120's Avatar
Bronze Member
  
Posts: 17
PC Experience: PC Illiterate
hunt120 - See this Members User comments on their Profile page
Default Re: hijackthis log
but iexplore.exe keeps coming even if dont open it why?
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Spurl this Post!Reddit! Wong this Post!
  #6  
Old 4 Weeks Ago
Pancake's Avatar
Senior Security Analyst
  
Posts: 1,620
PC Experience: Elite PC Guru
Location: Victoria, Australia
Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page
Default Re: hijackthis log
Ok.Now I see what you mean...



Please download SDFix from here and save it to your desktop
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.

=================================

Ok.We need to download ComboFix.exe. This will give a better view to the files running and also hidden on your computer.
Please visit this webpage for download links, and instructions for running ComboFix

When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.
Caution: Never run and remove files with Combofix unless supervised by a security analyst.
NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

__________________
  • An Australian Member of
  • and
My real name is Eddy
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Spurl this Post!Reddit! Wong this Post!
  #7  
Old 4 Weeks Ago
hunt120's Avatar
Bronze Member
  
Posts: 17
PC Experience: PC Illiterate
hunt120 - See this Members User comments on their Profile page
Default Re: hijackthis log
heres the report:
SDFix: Version 1.171
Run by OMAX 2 on Fri 04/18/2008 at 10:15 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Online Security Guide.url - Deleted
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Security Troubleshooting.url - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-18 10:24:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:dd,13,6d,24,4a,2e,eb,3f,c7,d9,d0,c1,c6 ,3a,08,10,e9,3f,9a,75,9f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,76,46,06,25,9f,16,5a,b1,a2,25 ,fe,c5,26,c9,de,78,78,..
"khjeh"=hex:28,cb,78,02,ea,5d,b7,19,b3,7d,2d,89,c6 ,92,6a,b0,f8,cc,22,2b,9f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\ 0Jf40]
"khjeh"=hex:cc,e6,cc,73,74,45,3c,71,2d,91,04,36,bf ,b7,8b,3d,2d,b5,0b,af,7c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:dd,13,6d,24,4a,2e,eb,3f,c7,d9,d0,c1,c6 ,3a,08,10,e9,3f,9a,75,9f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,76,46,06,25,9f,16,5a,b1,a2,25 ,fe,c5,26,c9,de,78,78,..
"khjeh"=hex:28,cb,78,02,ea,5d,b7,19,b3,7d,2d,89,c6 ,92,6a,b0,f8,cc,22,2b,9f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\ 0Jf40]
"khjeh"=hex:cc,e6,cc,73,74,45,3c,71,2d,91,04,36,bf ,b7,8b,3d,2d,b5,0b,af,7c,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:dd,13,6d,24,4a,2e,eb,3f,c7,d9,d0,c1,c6 ,3a,08,10,e9,3f,9a,75,9f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000 001]
"a0"=hex:20,01,00,00,76,46,06,25,9f,16,5a,b1,a2,25 ,fe,c5,26,c9,de,78,78,..
"khjeh"=hex:28,cb,78,02,ea,5d,b7,19,b3,7d,2d,89,c6 ,92,6a,b0,f8,cc,22,2b,9f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000 001\0Jf40]
"khjeh"=hex:cc,e6,cc,73,74,45,3c,71,2d,91,04,36,bf ,b7,8b,3d,2d,b5,0b,af,7c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:dd,13,6d,24,4a,2e,eb,3f,c7,d9,d0,c1,c6 ,3a,08,10,e9,3f,9a,75,9f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,76,46,06,25,9f,16,5a,b1,a2,25 ,fe,c5,26,c9,de,78,78,..
"khjeh"=hex:28,cb,78,02,ea,5d,b7,19,b3,7d,2d,89,c6 ,92,6a,b0,f8,cc,22,2b,9f,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\s ptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\ 0Jf40]
"khjeh"=hex:cc,e6,cc,73,74,45,3c,71,2d,91,04,36,bf ,b7,8b,3d,2d,b5,0b,af,7c,..

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 15


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:ęTorrent"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Games\\Half life Non-Steam\\Counter-Strike 1.6 + Half-Life\\hl.exe"="C:\\Games\\Half life Non-Steam\\Counter-Strike 1.6 + Half-Life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Games\\Copy of half life\\HL\\hl.exe"="C:\\Games\\Copy of half life\\HL\\hl.exe:*:Enabled:Half-Life Launcher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 4 Apr 2001 28,738 ...HR --- "C:\MOF XP pro\MSDE2000\SQLRESLD.DLL"
Wed 30 Jan 2002 22,016 A..H. --- "C:\Program Files\Game Graphic Studio\borlndmm.dll"
Wed 30 Jan 2002 620,544 A..H. --- "C:\Program Files\Game Graphic Studio\stlpmt45.dll"
Fri 7 Mar 2008 88 ..SHR --- "C:\Documents and Settings\All Users.WINDOWS\Application Data\8C2960AE94.sys"
Mon 10 Mar 2008 2,098 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys"
Sun 12 Aug 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
Sun 12 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp"
Fri 28 Sep 2007 857 ...HR --- "C:\Documents and Settings\OMAX 2\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Spurl this Post!Reddit! Wong this Post!
  #8  
Old 4 Weeks Ago
hunt120's Avatar
Bronze Member
  
Posts: 17
PC Experience: PC Illiterate
hunt120 - See this Members User comments on their Profile page
Default Re: hijackthis log
Combo fix log and hijackthis log

================================================== ==============
Combo fix log
================================================== ==============
ComboFix 08-04-11.8 - OMAX 2 2008-04-18 10:44:36.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.166 [GMT 4:00]
Running from: C:\Documents and Settings\OMAX 2\My Documents\Setups\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))
.

2008-04-18 10:12 . 2008-04-18 10:12 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-18 10:07 . 2008-04-18 10:34 <DIR> d-------- C:\SDFix
2008-04-17 23:18 . 2008-04-17 23:19 <DIR> d-------- C:\Program Files\CCleaner
2008-04-17 20:49 . 2008-04-14 14:30 2,184 --a------ C:\WINDOWS\system32\wpa.dbl
2008-04-17 20:43 . 2008-04-17 20:43 36,864 --a------ C:\t3vk
2008-04-16 18:14 . 2008-04-16 18:41 <DIR> d-------- C:\Program Files\nLite
2008-04-15 22:14 . 2008-04-15 22:14 <DIR> d-------- C:\Documents and Settings\OMAX 2\Application Data\ATI
2008-04-13 16:11 . 2008-04-13 16:11 <DIR> d-------- C:\Program Files\Zenturi
2008-04-13 16:11 . 2008-04-13 16:11 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Zenturi
2008-04-13 16:11 . 2008-04-13 16:11 26,000 --a------ C:\WINDOWS\system32\E3TL.DLL
2008-04-13 16:10 . 2008-04-13 16:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-12 21:15 . 2008-04-12 21:15 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-04-12 21:15 . 2008-04-12 21:15 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ZILLAbar
2008-04-12 21:15 . 2008-04-16 17:28 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\STOPzilla!
2008-04-12 21:10 . 2008-04-12 21:10 <DIR> d-------- C:\Documents and Settings\OMAX 2\Application Data\STOPzilla!
2008-04-12 21:09 . 2008-04-16 17:37 <DIR> d-------- C:\Program Files\STOPzilla!
2008-04-12 14:23 . 2008-04-12 14:35 <DIR> d-------- C:\Documents and Settings\OMAX 2\Application Data\AVG7
2008-04-12 14:22 . 2008-04-12 14:22 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2008-04-12 14:20 . 2008-04-17 20:33 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2008-04-12 11:57 . 2008-04-12 11:57 <DIR> d-------- C:\Program Files\Panda Security
2008-04-11 21:11 . 2008-04-11 21:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-11 18:38 . 2008-04-11 19:36 <DIR> d-------- C:\Documents and Settings\OMAX 2\Application Data\ErrorSmart
2008-04-09 21:31 . 2008-04-09 21:31 <DIR> d-------- C:\Program Files\Common Files\Thraex Software
2008-04-07 17:32 . 2008-04-07 17:36 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-04-03 09:31 . 2008-04-03 10:23 <DIR> d-------- C:\Program Files\EA GAMES
2008-03-30 14:59 . 2008-03-30 15:08 <DIR> d-------- C:\Documents and Settings\OMAX 2\Application Data\GSC
2008-03-27 23:05 . 2008-01-16 21:42 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-03-26 14:33 . 2008-03-26 14:33 99 --a------ C:\BIOSVIEW.INI
2008-03-26 14:33 . 2008-03-26 14:33 32 --a------ C:\BIOSINFO.INI
2008-03-22 09:04 . 2008-04-16 18:23 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan
2008-03-22 09:03 . 2008-04-13 16:18 <DIR> d-------- C:\Program Files\Security Task Manager
2008-03-19 21:06 . 2008-03-19 21:07 <DIR> d-------- C:\Program Files\San Andreas Mod Installer
2008-03-18 16:46 . 2008-03-18 16:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ante Bike
2008-03-18 16:42 . 2008-03-18 16:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MEGAUPLOADTOOLBAR
2008-03-18 16:04 . 2008-03-19 16:10 <DIR> d-------- C:\Program Files\Spyware Doctor

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-04-17 19:25 --------- d-----w C:\Program Files\GetRight
2008-04-16 18:36 --------- d-----w C:\Documents and Settings\OMAX 2\Application Data\Ahead
2008-04-16 10:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-15 17:42 --------- d-----w C:\Program Files\ATI Technologies
2008-04-12 16:07 --------- d-----w C:\Program Files\Tales of Pirates Online
2008-04-11 05:44 --------- d-----w C:\Program Files\Warcraft III
2008-04-09 14:53 --------- d-----w C:\Program Files\mIRC
2008-04-04 12:14 --------- d-----w C:\Documents and Settings\OMAX 2\Application Data\mIRC
2008-04-03 20:53 --------- d-----w C:\Program Files\FlashGet
2008-04-03 06:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-31 19:38 --------- d-----w C:\Documents and Settings\OMAX 2\Application Data\Azureus
2008-03-27 19:11 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-03-25 04:38 --------- d-----w C:\Documents and Settings\OMAX 2\Application Data\uTorrent
2008-03-25 04:35 --------- d-----w C:\Program Files\uTorrent
2008-03-22 07:07 --------- d-----w C:\Program Files\Google
2008-03-22 05:59 --------- d-----w C:\Documents and Settings\OMAX 2\Application Data\LimeWire
2008-03-19 17:08 --------- d-----w C:\Program Files\Rockstar Games
2008-03-19 09:40 1,845,888 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 18:14 --------- d-----w C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\MEGAUPLOADTOOLBAR
2008-03-10 13:07 --------- d-----w C:\Documents and Settings\OMAX 2\Application Data\Hamachi
2008-03-10 12:03 2,098 --sha-w C:\Documents and Settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys
2008-03-08 05:40 --------- d-----w C:\Program Files\Ocean Technologies & Media
2008-03-08 05:39 --------- d-----w C:\Documents and Settings\OMAX 2\Application Data\InstallShield
2008-03-08 05:36 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-03-07 17:51 88 --sh--r C:\Documents and Settings\All Users.WINDOWS\Application Data\8C2960AE94.sys
2008-03-07 17:50 --------- d-----w C:\Program Files\Common Files\Enterbrain
2008-03-07 17:49 --------- d-----w C:\Program Files\Enterbrain
2008-03-05 12:18 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Messenger Plus!
2008-03-05 10:55 --------- d-----w C:\Documents and Settings\OMAX 2\Application Data\Ante Bike
2008-03-05 10:55 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Phone store flag loud
2008-03-05 10:53 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-20 18:49 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 09:30 --------- d-----w C:\Program Files\DkZ Studio
2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-01 03:52 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2007-08-04 18:45 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\i ndex.dat
2007-08-04 18:45 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2007-08-04 18:45 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007080420070 805\index.dat
2007-08-04 18:45 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

------- Sigcheck -------

2007-04-16 01:23 360704 e6b15bcc470953e600ef7aded3cab142 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-02-17 15:41 360832 64af914216535bc450f85253462d6f24 C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-02-17 15:41 360832 64af914216535bc450f85253462d6f24 C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( snapshot@2008-04-12_16.53.17.71 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-15 07:38:48 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-18 06:12:47 8,441,856 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-04-18 06:12:47 319,488 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-04-15 07:38:48 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-04-18 06:12:35 8,441,856 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-04-18 06:12:35 319,488 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-04-15 17:45:54 9,158 ----a-r C:\WINDOWS\Installer\{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}\ARPPRODUCTICON.exe
+ 2008-04-15 17:45:54 9,158 ----a-r C:\WINDOWS\Installer\{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}\NewShortcut1_6E06A57A67284CFBAA9A514 9F9C9ADB3.exe
+ 2008-04-15 17:45:54 9,158 ----a-r C:\WINDOWS\Installer\{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}\NewShortcut2_6E06A57A67284CFBAA9A514 9F9C9ADB3.exe
+ 2008-04-15 17:45:54 9,158 ----a-r C:\WINDOWS\Installer\{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}\NewShortcut21_6E06A57A67284CFBAA9A51 49F9C9ADB3.exe
+ 2008-04-15 17:45:54 9,158 ----a-r C:\WINDOWS\Installer\{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}\NewShortcut22_6E06A57A67284CFBAA9A51 49F9C9ADB3.exe
+ 2008-04-15 17:45:54 9,158 ----a-r C:\WINDOWS\Installer\{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}\NewShortcut3_6E06A57A67284CFBAA9A514 9F9C9ADB3.exe
+ 2008-04-15 17:45:54 9,158 ----a-r C:\WINDOWS\Installer\{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}\NewShortcut5_6E06A57A67284CFBAA9A514 9F9C9ADB3.exe
+ 2006-05-03 16:10:34 40,960 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\ati2erec.dll
+ 2006-04-28 20:05:14 127,614 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\atiicdxx.dat
+ 2006-05-03 16:15:58 151,552 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\atikvmag.dll
+ 2006-05-03 16:21:20 6,684,672 ----a-w C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\atioglx1.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"Cmaudio"="cmicnfg.cpl" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

C:\Documents and Settings\OMAX 2\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-08-06 18:34:59 534016]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
RaConfig2500.lnk - C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2007-07-02 11:32:40 659518]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"DisableClock"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer]
"NoChangeAnimation"= 1 (0x1)
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer]
"NoMultiIE"= 0 (0x0)
"LWA"= 0 (0x0)
"LWB"= 0 (0x0)
"LWC"= 0 (0x0)
"LWD"= 0 (0x0)
"LWE"= 0 (0x0)
"LWF"= 0 (0x0)
"LWG"= 0 (0x0)
"LWH"= 0 (0x0)
"LWI"= 0 (0x0)
"LWJ"= 0 (0x0)
"LWK"= 0 (0x0)
"LWL"= 0 (0x0)
"LWM"= 0 (0x0)
"LWN"= 0 (0x0)
"LWO"= 0 (0x0)
"LWP"= 0 (0x0)
"LWQ"= 0 (0x0)
"LWR"= 0 (0x0)
"LWS"= 0 (0x0)
"LWT"= 0 (0x0)
"LWU"= 0 (0x0)
"LWV"= 0 (0x0)
"LWW"= 0 (0x0)
"LWX"= 0 (0x0)
"LWY"= 0 (0x0)
"LWZ"= 0 (0x0)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoStrCmpLogical"= 1 (0x1)
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="C:\\WINDOWS\\explorer.exe"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^OMAX 2^Start Menu^Programs^Startup^Reboot.exe]
path=C:\Documents and Settings\OMAX 2\Start Menu\Programs\Startup\Reboot.exe
backup=C:\WINDOWS\pss\Reboot.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AFProg]
--a------ 2006-06-26 06:26 118784 C:\Program Files\Hotspot Shield\AnchorFree\ctrl\AFController.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-01-02 16:41 45056 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-06-29 21:10 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-01-09 22:59 115816 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorSmart]
C:\Program Files\ErrorSmart\ErrorSmart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flag loud mp3 bore]
--a------ 2008-04-18 10:01 3121152 C:\Documents and Settings\All Users.WINDOWS\Application Data\Phone store flag loud\LESS MP3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iso First]
--a------ 2008-03-05 14:53 439808 C:\DOCUME~1\OMAX2~1\APPLIC~1\ANTEBI~1\bluecast.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 06:03 221184 c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-06-16 06:03 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2007-04-15 23:25 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-08-06 16:02 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-08-20 15:04 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Games\\Half life Non-Steam\\Counter-Strike 1.6 + Half-Life\\hl.exe"=
"C:\\Games\\Copy of half life\\HL\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*isabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*isabled:SolidNetworkManager

R3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2006-12-17 00:37]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{0444bbad-ba28-11dc-941d-00115bcb42e7}]
\Shell\Auto\command - boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{0c30eb6f-7192-11dc-9369-00115bcb42e7}]
\Shell\Auto\command - I:\MicrosoftPowerPoint.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{0c416b7e-b967-11dc-9417-00115bcb42e7}]
\Shell\Auto\command - boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{5889c0b7-70db-11dc-9368-00115bcb42e7}]
\Shell\Auto\command - H:\boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{640c76fc-b4c0-11dc-940c-00115bcb42e7}]
\Shell\Auto\command - boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{b6703471-bb2e-11dc-941f-0002449bb246}]
\Shell\Auto\command - boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{b6703473-bb2e-11dc-941f-0002449bb246}]
\Shell\Auto\command - boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{da835bbc-432b-11dc-92d2-00115bcb42e7}]
\Shell\Auto\command - G:\boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{defa9b6a-b438-11dc-9408-00115bcb42e7}]
\Shell\Auto\command - boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{defa9b6b-b438-11dc-9408-00115bcb42e7}]
\Shell\Auto\command - I:\boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-18 06:00:01 C:\WINDOWS\Tasks\AC8B8E04919C0BF4.job"
- c:\docume~1\omax2~1\applic~1\antebi~1\DEAD SOFT PLAN.exe
"2008-04-12 11:59:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-11 23:30:30 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart.OMAX 2+Runs ErrorSmart to optimize your registry.
"2007-08-17 16:48:19 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - OMAX 2.job"
- C:\PROGRA~1\NORTON~1\Navw32.exep/TASK:
"2008-04-17 18:17:30 C:\WINDOWS\Tasks\User_Feed_Synchronization-{3C4F4E4F-1B5E-40D0-B17F-8239F3B5D091}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
************************************************** ************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-18 10:47:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2008-04-18 10:49:04
ComboFix-quarantined-files.txt 2008-04-18 06:48:57
ComboFix2.txt 2008-04-12 12:54:11
Pre-Run: 11,649,196,032 bytes free
Post-Run: 11,635,122,176 bytes free
.
2008-04-11 23:26:21 --- E O F ---

================================================== ==============
Hijackthis log
================================================== ==============
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:51 AM, on 4/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.talesofpirates.com/main.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKL