"Johnny" - 2007-05-12 17:18:12 Service Pack 1
ComboFix 07-05.08.3.V - Running from: "C:\Documents and Settings\Johnny\Desktop\"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\WINDOWS\retadpu41.exe
C:\WINDOWS\updater.exe
C:\Program Files\ipwindows\ipwins.dll
C:\Program Files\ipwindows\ipwins.exe
C:\Program Files\ipwindows\UnInstall.exe
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\WINDOWS\b122.exe
C:\Program Files\inetget2
C:\Program Files\ipwindows
C:\Program Files\outerinfo
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\Johnny
C:\qoobox\purity\C\DOCUME~1\Johnny\MYDOCU~1
C:\qoobox\purity\C\DOCUME~1\Johnny\MYDOCU~1\WNSXS~1
C:\qoobox\purity\C\DOCUME~1\Johnny\MYDOCU~1\WNSXS~1\w?wexec.exe
((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-12 ))))))))))))))))))))))))))))))))))
2007-05-07 21:56 2,560 ---hs---- C:\WINDOWS\system32\helperssc.exe
2007-05-07 20:52 2,560 ---hs---- C:\WINDOWS\system32\helpersrvc.exe
2007-05-01 05:18 <DIR> d-------- C:\WORD
2007-05-01 03:16 <DIR> d-------- C:\Program Files\GPSoftware
2007-04-29 19:37 <DIR> d-------- C:\Program Files\Webteh
2007-04-29 19:37 <DIR> d-------- C:\DOCUME~1\Johnny\APPLIC~1\BSplayer Pro
2007-04-29 19:37 <DIR> d-------- C:\DOCUME~1\Johnny\APPLIC~1\BSplayer
2007-04-29 15:37 <DIR> d-------- C:\Program Files\CyberLink
2007-04-29 15:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-04-20 11:30 2 --a------ C:\WINDOWS\system32\wintsvtr32.exe
2007-04-20 11:27 <DIR> d-------- C:\Program Files\Common Files\àdobe
2007-04-20 03:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-17 10:21 94,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-17 10:21 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-17 10:21 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-17 10:21 31,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-17 10:21 23,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-17 10:20 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-04-17 10:20 689,280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-04-17 10:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-04-17 10:20 <DIR> d-------- C:\Program Files\Alwil Software
2007-04-16 12:07 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2007-04-16 12:07 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2007-04-16 12:07 6,550 --a------ C:\WINDOWS\jautoexp.dat
2007-04-16 12:07 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2007-04-16 12:07 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-04-16 12:07 404,752 --a------ C:\WINDOWS\system32\javart.dll
2007-04-16 12:07 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2007-04-16 12:07 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2007-04-16 12:07 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2007-04-16 12:07 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2007-04-16 12:07 172,304 --a------ C:\WINDOWS\system32\jview.exe
2007-04-16 12:07 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2007-04-16 12:07 171,280 --a------ C:\WINDOWS\system32\jit.dll
2007-04-16 12:07 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2007-04-16 12:07 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2007-04-16 12:07 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-04-16 12:07 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-04-16 12:07 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-04-14 20:07 <DIR> d-------- C:\Program Files\Everstrike Software
2007-04-14 20:07 <DIR> d-------- C:\Program Files\Common Files\Everstrike Software
2007-04-14 13:37 299 ---hs---- C:\WINDOWS\system32\ssc.exe
2007-04-13 15:42 <DIR> d-------- C:\Program Files\WinAVIVideoConverter
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-05-08 03:52:17 304 --sh--w C:\WINDOWS\system32\srvc.exe
2007-05-01 10:16:50 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-28 20:46:30 -------- d-----w C:\DOCUME~1\Johnny\APPLIC~1\uTorrent
2007-04-25 23:22:15 -------- d-----w C:\Program Files\Common Files\?dobe
2007-04-22 21:52:28 -------- d-----w C:\Program Files\SpeedFan
2007-04-20 10:42:30 -------- d-----w C:\Program Files\SpywareBlaster
2007-04-16 19 29 -------- d-----w C:\Program Files\Messenger
2007-04-04 08:00:07 -------- d-----w C:\DOCUME~1\Johnny\APPLIC~1\Real
2007-04-04 08:00:07 -------- d-----w C:\DOCUME~1\Johnny\APPLIC~1\Media Player Classic
2007-04-04 07:59:58 -------- d-----w C:\Program Files\Real Alternative
2007-04-04 07:59:55 -------- d-----w C:\Program Files\Media Player Classic
2007-04-01 08:07:35 3,712 ----a-w C:\WINDOWS\system32\socketlock.sys
2007-04-01 07:34:30 -------- d-----w C:\Program Files\Foxit Software
2007-03-31 10:41:34 -------- d-----w C:\Program Files\Ares
2007-03-29 23:44:44 -------- d-----w C:\Program Files\SlySoft
2007-03-29 23:28:56 -------- d-----w C:\Program Files\Alcohol Soft
2007-03-29 23:28:01 -------- d-----w C:\Program Files\Elaborate Bytes
2007-03-29 23:26:21 -------- d-----w C:\Program Files\DVD Shrink
2007-03-28 12:28:40 -------- d-----w C:\Program Files\Winamp
2007-03-24 01:42:51 -------- d-----w C:\Program Files\NavExcel Search Toolbar
2007-03-23 09:40:12 -------- d--h--w C:\Program Files\WindowsUpdate
2007-03-22 08:09:38 -------- d-----w C:\Program Files\XviD
2007-03-22 07:43:30 -------- d-----w C:\DOCUME~1\Johnny\APPLIC~1\vlc
2007-03-22 00:56:06 -------- d-----w C:\Program Files\DivX
2007-03-22 00:51:37 -------- d-----w C:\Program Files\RegistryFix
2007-03-22 00:00:00 -------- d-----w C:\Program Files\Kerio
2007-03-21 23:59:48 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-03-21 12:12:09 -------- d-----w C:\Program Files\MediaMonkey
2007-03-21 11:49:22 -------- d-----w C:\Program Files\VideoLAN
2007-03-21 11:40:35 -------- d-----w C:\Program Files\Hercules
2007-03-21 11:20:59 -------- d-----w C:\Program Files\PestPatrol
2007-03-21 11:20:30 -------- d-----w C:\Program Files\VERITAS Software
2007-03-21 11:00:13 -------- d-----w C:\Program Files\Ahead
2007-03-21 11:00:12 -------- d-----w C:\Program Files\Common Files\Ahead
2007-03-21 09:01:42 -------- d-----w C:\Program Files\Anti Trojan Elite
2007-03-21 09:01:21 -------- d-----w C:\Program Files\RegistryCleanerXP
2007-03-21 09:01:18 -------- d-----w C:\Program Files\Network Associates
2007-03-21 04:39:04 63,488 --sha-w C:\WINDOWS\system32\urdvxc.exe
2007-03-21 03:46:23 64,281 ----a-w C:\WINDOWS\system32\dload.exe
2007-03-21 03:39:14 -------- d-----w C:\Program Files\MSN Messenger
2007-03-21 02:44:41 -------- d-----w C:\DOCUME~1\Johnny\APPLIC~1\RegUpdate
2007-03-20 09:57:50 -------- d-----w C:\DOCUME~1\Johnny\APPLIC~1\.BitTornado
2007-03-20 09:56:41 0 ----a-w C:\WINDOWS\nsreg.dat
2007-03-20 09:56:35 2,301 ----a-w C:\WINDOWS\mozver.dat
2007-03-20 09:55:59 -------- d-----w C:\Program Files\BitTornado
2007-03-20 09:24:51 -------- d-----w C:\Program Files\microsoft frontpage
2007-03-20 09:24:29 0 --sha-r C:\MSDOS.SYS
2007-03-20 09:24:29 0 --sha-r C:\IO.SYS
2007-03-20 09:24:29 0 ----a-w C:\CONFIG.SYS
2007-03-20 09:24:29 0 ----a-w C:\AUTOEXEC.BAT
2007-03-20 09:23:09 -------- d-----w C:\Program Files\Online Services
2007-03-20 09:22:35 -------- d-----w C:\Program Files\Movie Maker
2007-03-20 09:21:57 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-03-20 09:20:56 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-03-20 09:20:20 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-03-20 09:20:17 -------- d-----w C:\Program Files\Windows NT
2007-03-20 01:11:07 -------- d-----w C:\Program Files\Common Files\ODBC
2007-03-20 01:11:03 -------- d-----w C:\Program Files\Common Files\SpeechEngines
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{D80C4E21-C346-4E21-8E64-20746AA20AEB}"="C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll" [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RegistryUpdate"=""
"Anti Trojan Elite"="C:\\Program Files\\Anti Trojan Elite\\TJEnder.exe :NO"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SoundFusion"="RunDll32 hercplgs.cpl,BootEntryPoint"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"johnj315"="C:\\WINDOWS\\system32\\srvc.exe"
"sixer5"="C:\\WINDOWS\\system32\\ssc.exe"
"LFAgent"=""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"johnj315"="C:\\WINDOWS\\system32\\srvc.exe"
"sixer5"="C:\\WINDOWS\\system32\\ssc.exe"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
********************************************************************
catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-05-12 17:45:32
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 2007-05-12 17:45:37
C:\ComboFix-quarantined-files.txt ... 2007-05-12 17:45