"Michael" - 2007-07-07 13:35:53 - ComboFix 07-07-07.4 - Service Pack 2
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
E:\DOCUME~1\Michael\Desktop.\Error Cleaner.url
E:\DOCUME~1\Michael\Desktop.\internet explorer.lnk
E:\DOCUME~1\Michael\Desktop.\Privacy Protector.url
E:\DOCUME~1\Michael\Desktop.\Spyware&Malware Protection.url
E:\DOCUME~1\Michael\FAVORI~1.\Error Cleaner.url
E:\DOCUME~1\Michael\FAVORI~1.\Privacy Protector.url
E:\DOCUME~1\Michael\FAVORI~1.\Spyware&Malware Protection.url
E:\WINDOWS\dat.txt
E:\WINDOWS\ddesupport.dll
E:\WINDOWS\msdde.dll
E:\WINDOWS\msole.dll
E:\WINDOWS\privacy_danger
E:\WINDOWS\privacy_danger\images\capt.gif
E:\WINDOWS\privacy_danger\images\danger.jpg
E:\WINDOWS\privacy_danger\images\down.gif
E:\WINDOWS\privacy_danger\images\spacer.gif
E:\WINDOWS\privacy_danger\index.htm
E:\WINDOWS\rs.txt
((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 )))))))))))))))))))))))))))))))
2007-07-07 13:35 51,200 --a------ E:\WINDOWS\nircmd.exe
2007-07-06 20:37 <DIR> d-------- E:\Program Files\Lavasoft
2007-07-06 20:36 <DIR> d-------- E:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-06 20:25 <DIR> d-------- E:\Program Files\Common Files\Wise Installation Wizard
2007-07-06 05:31 <DIR> d-------- E:\Program Files\Enigma Software Group
2007-07-05 22:10 626,688 --a------ E:\WINDOWS\system32\msvcr80.dll
2007-07-05 22:02 <DIR> d-------- E:\WINDOWS\McAfee.com
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-07 18:38:41 -------- d-----w E:\Program Files\Weather Watcher
2007-07-07 01:27:47 -------- d-----w E:\DOCUME~1\Michael\APPLIC~1\Lavasoft
2007-06-10 19:11:47 -------- d-----w E:\Program Files\iTunes
2007-06-10 19:11:37 -------- d-----w E:\Program Files\iPod
2007-06-04 20:18:48 9,344 ----a-w E:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 20:17:02 8,320 ----a-w E:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 20:14:56 6,272 ----a-w E:\WINDOWS\system32\drivers\AWRTPD.sys
2007-05-16 15:12:02 683,520 ----a-w E:\WINDOWS\system32\inetcomm.dll
2007-05-12 00:40:51 -------- d-----w E:\Program Files\Design Science
2007-05-12 00:40:40 -------- d-----w E:\Program Files\MathType
2007-04-25 14:21:15 144,896 ----a-w E:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w E:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w E:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w E:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w E:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w E:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w E:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w E:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w E:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w E:\WINDOWS\system32\wups2.dll
2007-04-17 03:44:20 271,224 ----a-w E:\WINDOWS\system32\mucltui.dll
2007-04-17 03:44:18 208,248 ----a-w E:\WINDOWS\system32\muweb.dll
2007-04-13 20:19:52 7,680 ----a-w E:\WINDOWS\system32\lsdelete.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries and legitimate default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-01-12 20:38 63128 --a------ E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69A87B7D-DE56-4136-9655-716BA50C19C7}]
2006-06-28 15:21 237568 --a------ E:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-12-15 03:23 440056 --a------ E:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9566395F-43D2-4c64-B525-B501FFA276E2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-20 00:55 2403392 -ra------ e:\program files\google\googletoolbar3.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2007-06-05 21:06 325048 --a------ E:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="E:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-01-09 21:46]
"SynTPEnh"="E:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-01-09 21:45]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 19:24 E:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-01-24 21:00]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]
"GhostStartTrayApp"="C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe" [2002-08-14 15:21]
"Adobe Photo Downloader"="E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46]
"CARPService"="carpserv.exe" [2003-01-27 18:22 E:\WINDOWS\system32\carpserv.exe]
"HP Component Manager"="E:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-04-11 15:25]
"DeviceDiscovery"="E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 18:37]
"ISUSPM Startup"="E:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 05:03]
"ISUSScheduler"="E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 05:03]
"HP Software Update"="E:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"QuickTime Task"="C:\program files\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"AVG7_CC"="E:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-07-06 20:20]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW4"="E:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" []
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"WeatherWatcher"="E:\Program Files\Weather Watcher\ww.exe" [2007-03-12 19:32]
"updateMgr"="E:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"Yahoo! Pager"="E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22]
"swg"="E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-05 21:06]
"RssReader"="C:\Program Files\RssReader\RssReader.exe" []
"WMPNSCFG"="E:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///E:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
(Note: this Active Desktop component points at E:\WINDOWS\privacy_danger\index.htm, which appears under "Other Deletions" above; the registry key itself is still listed here and should be checked/removed so the desktop does not keep trying to load the removed page.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{8FA550F4-888F-457F-B5B4-3805D0605737}"="E:\WINDOWS\msole.dll" []
(Note: this ShellServiceObjectDelayLoad entry references E:\WINDOWS\msole.dll, which is listed under "Other Deletions" above; the empty [] shows no file details were read. The loading point is still present and should be reviewed/removed so nothing can be dropped back at that path and auto-loaded by Explorer.)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
Contents of the 'Scheduled Tasks' folder
2007-06-24 18:14:02 E:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-07 02:48:16 E:\WINDOWS\tasks\At1.job
(Note: At1.job is a generically named AT-scheduler job created 2007-07-07 02:48; the log does not show what it runs, so its command line should be inspected before it is trusted.)
**************************************************************************
catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-07-07 13:41:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-07 13:42:22
E:\ComboFix-quarantined-files.txt ... 2007-07-07 13:41
--- E O F ---