OS: WinXP
combofix report
Yuichi Haga - 06-10-08 16:21:08.14 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Yuichi Haga\Desktop"
((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\dxclib303562752.dll
C:\Documents and Settings\Yuichi Haga\Application Data\Dxcknwrd.dll
C:\WINDOWS\system32\bkd.exe
C:\Program Files\DeluxeCommunications\Dxc.exe
C:\Program Files\DeluxeCommunications\DxcBho.dll
C:\Program Files\DeluxeCommunications\DxcCore.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\adrot-uninst.exe
C:\WINDOWS\system32\adrotate.dll
C:\Program Files\Common Files\Yazzle1264OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Documents and Settings\Yuichi Haga\Application Data\RACLE~1
C:\QooBox\Purity\Documents and Settings\Yuichi Haga\My Documents\ASEMBL~1
C:\QooBox\Purity\Documents and Settings\Yuichi Haga\My Documents\ASEMBL~1\?ttrib.exe
C:\QooBox\Purity\Program Files\TSKS~1
C:\QooBox\Purity\Program Files\Common Files\ICROSO~1
C:\QooBox\Purity\Program Files\TSKS~1\chkdsk.exe
C:\QooBox\Purity\Program Files\TSKS~1\T?sks
((((((((((((((((((((((((((((((( Files Created from 2006-09-08 to 2006-10-08 ))))))))))))))))))))))))))))))))))
2006-10-07 09:50 555,350 ---hs---- C:\WINDOWS\system32\ehhkj.bak2
2006-10-07 04:13 131,072 --a------ C:\WINDOWS\system32\lyhdkz.dll
2006-10-06 03:33 86,036 --a------ C:\WINDOWS\system32\rccsrjkr.dll
2006-10-06 03:33 143,380 --a------ C:\WINDOWS\system32\ippgggxh.exe
2006-10-06 03:32 684,084 ---hs---- C:\WINDOWS\system32\jkhhe.dll
2006-10-06 03:32 518,011 ---hs---- C:\WINDOWS\system32\ehhkj.bak1
2006-10-06 03:27 433,636 --a------ C:\WINDOWS\hancermm.exe
2006-10-06 03:27 40,973 ---hs---- C:\WINDOWS\system32\awtqnlj.dll
2006-10-06 03:27 32,768 --a------ C:\WINDOWS\DXCecho.exe
2006-09-28 06:24 75,264 --a------ C:\WINDOWS\system32\nsi2A0.dll
2006-09-18 14:25 2 --a------ C:\WINDOWS\system32\wnsapitr.exe
2006-09-18 14:25 184,795 --a------ C:\WINDOWS\YazzleBundle-1264.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-08 16:40 -------- d-------- C:\Program Files\Common Files
2006-10-08 16:25 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-08 16:02 -------- d-------- C:\Program Files\OIN Search
2006-10-07 20:12 -------- d-------- C:\Program Files\eMule
2006-10-06 19:39 -------- d-------- C:\Documents and Settings\Yuichi Haga\Application Data\Sun
2006-10-06 19:26 -------- d-------- C:\Program Files\Java
2006-10-06 19:25 -------- d-------- C:\Program Files\Common Files\Java
2006-10-06 03:27 -------- d-------- C:\Program Files\mm
2006-10-02 00:15 -------- d-------- C:\Documents and Settings\Yuichi Haga\Application Data\Macromedia
2006-09-26 16:24 -------- d-------- C:\Program Files\AIM
2006-09-26 16:24 -------- d-------- C:\Documents and Settings\Yuichi Haga\Application Data\Help
2006-09-26 02:43 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-21 13:25 -------- d-------- C:\Program Files\Internet Explorer
2006-09-21 11:47 -------- d-------- C:\Program Files\WinRAR
2006-09-21 11:47 -------- d-------- C:\Program Files\SmartFTP Client 2.0
2006-09-21 11:47 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-21 11:47 -------- d-------- C:\Program Files\DAEMON Tools
2006-09-21 11:47 -------- d-------- C:\Program Files\7-Zip
2006-09-18 14:44 -------- d-------- C:\Documents and Settings\Yuichi Haga\Application Data\SystemDoctor 2006 Free
2006-09-11 22:10 -------- d---s---- C:\Documents and Settings\Yuichi Haga\Application Data\Microsoft
2006-09-11 22:10 -------- d-------- C:\Program Files\Valve
2006-09-07 21:54 -------- d-------- C:\Program Files\Viewpoint
2006-09-07 21:54 -------- d-------- C:\Program Files\AOD
2006-09-07 21:54 -------- d-------- C:\Documents and Settings\Yuichi Haga\Application Data\Aim
2006-08-31 22:33 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-31 22:33 -------- d-------- C:\Program Files\Bethesda Softworks
2006-08-17 12:55 -------- d-------- C:\Program Files\NoAdware4
2006-08-11 16:03 -------- d-------- C:\Program Files\QuickTime
2006-08-11 16:03 -------- d-------- C:\Program Files\Miranda IM
2006-08-11 16:03 -------- d-------- C:\Program Files\Matroska Pack
2006-08-11 12:00 -------- d-------- C:\Documents and Settings\Yuichi Haga\Application Data\Adobe
2006-07-28 01:38 32955 --a------ C:\WINDOWS\system32\uninstIcn.exe
2006-07-28 00:38 24576 --a------ C:\WINDOWS\system32\msxml3a.dll
2006-07-28 00:38 0 --a------ C:\Documents and Settings\Yuichi Haga\Application Data\internaldb41.dat
2006-07-19 23:34 875 --a------ C:\Documents and Settings\Yuichi Haga\Application Data\AdobeDLM.log
2006-07-19 23:34 0 --a------ C:\Documents and Settings\Yuichi Haga\Application Data\dm.ini
2006-07-17 22:10 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2006-07-17 22:10 262144 --a------ C:\WINDOWS\system32\wrap_oal.dll
2006-07-13 20:34 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-07-13 20:34 348160 --------- C:\WINDOWS\system32\msvcr71.dll
2006-07-13 12:46 0 -rahs---- C:\MSDOS.SYS
2006-07-13 12:46 0 -rahs---- C:\IO.SYS
2006-07-13 12:46 0 --a------ C:\CONFIG.SYS
2006-07-13 12:46 0 --a------ C:\AUTOEXEC.BAT
2006-07-13 05:41 62 --ahs---- C:\Documents and Settings\Yuichi Haga\Application Data\desktop.ini
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"Steam"="C:\\Program Files\\Valve\\Steam\\\\Steam.exe -silent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"DeadAIM"="rundll32.exe \"C:\\Program Files\\AIM\\\\DeadAIM.ocm\",ExportedCheckODLs"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,2c,01,00,00,00,00,00,00,d4,03,00,00,e7,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,68,02,00,00,1f,00,00,00,a8,00,00,00,9e,00,\
00,00,01,00,00,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoSMHelp"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091
"NoSMConfigurePrograms"=dword:00000001
"NoInternetIcon"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"NoRecentDocsHistory"=dword:00000001
"NoInstrumentation"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"NoInternetOpenWith"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"ConfirmFileDelete"=dword:00000000
"NoDriveTypeAutoRun"=hex:b5,00,00,00
"NoDesktopCleanupWizard"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoSMHelp"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091
"NoSMConfigurePrograms"=dword:00000001
"NoInternetIcon"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"NoRecentDocsHistory"=dword:00000001
"NoInstrumentation"=dword:00000001
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoSMHelp"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091
"NoSMConfigurePrograms"=dword:00000001
"NoInternetIcon"=dword:00000001
"ClearRecentDocsOnExit"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"NoRecentDocsHistory"=dword:00000001
"NoInstrumentation"=dword:00000001
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhhe
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Completion time: 06-10-08 16:47:33.10
ComboFix.txt
ComboFix2.txt
ComboFix3.txt