Tech Support Forum - View Single Post - HijackThis Log File

edifiz · 07-10-2007, 07:51 PM

"Owner" - 2007-07-10 21:44:09 - ComboFix 07-07-10.5 - Service Pack 2

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\Owner\MYDOCU~1.\smbols~1
C:\Program Files\Common Files\{3018F~1
C:\Program Files\Common Files\{3018F~1\Uninst.exe
C:\Program Files\Common Files\{B018F~1
C:\Program Files\Common Files\{B018F~1\services.dll
C:\Program Files\Common Files\uninstall information
C:\Program Files\inetget2
C:\Program Files\ipwindows
C:\WINDOWS\b122.exe
C:\WINDOWS\curity~1
C:\WINDOWS\hosts
C:\WINDOWS\wr.txt

((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 )))))))))))))))))))))))))))))))

2007-07-10 21:43 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-07 06:28 <DIR> d-------- C:\Program Files\Peterson's
2007-07-06 21:22 <DIR> d-------- C:\DOCUME~1\Owner\.javaws
2007-07-06 21:18 <DIR> d--h----- C:\Program Files\Zero G Registry
2007-07-04 15:23 <DIR> d-------- C:\Deckard
2007-07-04 09:16 <DIR> d-------- C:\TSF
2007-06-24 16:38 <DIR> d-------- C:\Program Files\Apple Software Update
2007-06-22 22:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
2007-06-17 12:40 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\12Voip
2007-06-16 08:43 <DIR> d-------- C:\Program Files\iCall

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-07 01:32:12 335 ----a-w C:\WINDOWS\nsreg.dat
2007-07-07 01:22:17 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-04 18:03:22 -------- d-----w C:\Program Files\Windows Defender
2007-07-04 18:02:16 -------- d-----w C:\Program Files\SpywareGuard
2007-07-04 18:01:42 -------- d-----w C:\Program Files\QuickTime
2007-07-04 17:53:20 -------- d-----w C:\Program Files\iTunes
2007-07-04 17:50:46 -------- d-----w C:\Program Files\FinePixViewer
2007-07-04 17:50:34 -------- d-----w C:\Program Files\EarthLink TotalAccess
2007-07-04 13:56:13 -------- d-----w C:\Program Files\iWin Games
2007-07-04 13:04:31 -------- d-----w C:\Program Files\Yahoo! Games
2007-07-04 12:55:14 -------- d-----w C:\Program Files\Winamp
2007-06-28 14:44:42 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Skype
2007-06-24 20:42:46 -------- d-----w C:\Program Files\iPod
2007-05-20 17:08:32 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\GetRightToGo
2007-05-20 02:21:02 -------- d-----w C:\Program Files\ReflexiveArcade
2007-05-18 19:17:37 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\FloodLightGames
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 02:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-10-26 11:28 440384 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-01-12 20:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
2003-08-02 23:24 192512 -ra------ C:\Program Files\SpywareGuard\dlprotect.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B5F2E08-6F39-479a-B547-B2026E4C7EDF}]
2003-12-08 16:26 401408 --a------ C:\Program Files\EarthLink TotalAccess\PnEL.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\VIRUSP~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
2004-08-13 18:42 155648 --a------ C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
2006-01-17 16:04 282624 --a------ C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-04-03 18:12]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-04-21 21:01]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2005-03-15 09:58]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 18:37]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 18:47]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 17:44]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 18:07]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-07-12 22:28]
"IridiumTimeWizard"="D:\My Documents\rupa\tp\iridium.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 22:49]
"FreeCall"="C:\program files\freecall.com\freecall\freecall.exe" []
"12Voip"="C:\Program Files\12Voip.com\12Voip\12Voip.exe" []
"E6TaskPanel"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" [2003-12-08 15:51]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3b67d10-7fba-11db-bbbd-00c0a8895ef3}]
AutoRun\command- wd_windows_tools\setup.exe

Contents of the 'Scheduled Tasks' folder
2007-06-24 20:38:56 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-04 06:16:01 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-07-11 00:27:14 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-10 21:48:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-10 21:49:16
C:\ComboFix-quarantined-files.txt ... 2007-07-10 21:48

--- E O F ---

07-10-2007, 07:51 PM	#8 (permalink)
edifiz Registered User Join Date: Mar 2006 Posts: 94 OS: WINDOWS XP	ComboFix.txt "Owner" - 2007-07-10 21:44:09 - ComboFix 07-07-10.5 - Service Pack 2 ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\Owner\MYDOCU~1.\smbols~1 C:\Program Files\Common Files\{3018F~1 C:\Program Files\Common Files\{3018F~1\Uninst.exe C:\Program Files\Common Files\{B018F~1 C:\Program Files\Common Files\{B018F~1\services.dll C:\Program Files\Common Files\uninstall information C:\Program Files\inetget2 C:\Program Files\ipwindows C:\WINDOWS\b122.exe C:\WINDOWS\curity~1 C:\WINDOWS\hosts C:\WINDOWS\wr.txt ((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 ))))))))))))))))))))))))))))))) 2007-07-10 21:43 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-07 06:28 <DIR> d-------- C:\Program Files\Peterson's 2007-07-06 21:22 <DIR> d-------- C:\DOCUME~1\Owner\.javaws 2007-07-06 21:18 <DIR> d--h----- C:\Program Files\Zero G Registry 2007-07-04 15:23 <DIR> d-------- C:\Deckard 2007-07-04 09:16 <DIR> d-------- C:\TSF 2007-06-24 16:38 <DIR> d-------- C:\Program Files\Apple Software Update 2007-06-22 22:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear 2007-06-17 12:40 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\12Voip 2007-06-16 08:43 <DIR> d-------- C:\Program Files\iCall (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-07 01:32:12 335 ----a-w C:\WINDOWS\nsreg.dat 2007-07-07 01:22:17 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-07-04 18:03:22 -------- d-----w C:\Program Files\Windows Defender 2007-07-04 18:02:16 -------- d-----w C:\Program Files\SpywareGuard 2007-07-04 18:01:42 -------- d-----w C:\Program Files\QuickTime 2007-07-04 17:53:20 -------- d-----w C:\Program Files\iTunes 2007-07-04 17:50:46 -------- d-----w C:\Program Files\FinePixViewer 2007-07-04 17:50:34 -------- d-----w C:\Program Files\EarthLink TotalAccess 2007-07-04 13:56:13 -------- d-----w C:\Program Files\iWin Games 2007-07-04 13:04:31 -------- d-----w C:\Program Files\Yahoo! Games 2007-07-04 12:55:14 -------- d-----w C:\Program Files\Winamp 2007-06-28 14:44:42 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Skype 2007-06-24 20:42:46 -------- d-----w C:\Program Files\iPod 2007-05-20 17:08:32 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\GetRightToGo 2007-05-20 02:21:02 -------- d-----w C:\Program Files\ReflexiveArcade 2007-05-18 19:17:37 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\FloodLightGames 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-04-17 02:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll 2007-04-17 02:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] 2006-10-26 11:28 440384 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2006-01-12 20:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}] 2003-08-02 23:24 192512 -ra------ C:\Program Files\SpywareGuard\dlprotect.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B5F2E08-6F39-479a-B547-B2026E4C7EDF}] 2003-12-08 16:26 401408 --a------ C:\Program Files\EarthLink TotalAccess\PnEL.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] 2005-05-31 01:04 853672 --a------ C:\PROGRA~1\VIRUSP~1\SPYBOT~1\SDHelper.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}] 2004-08-13 18:42 155648 --a------ C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] 2006-01-17 16:04 282624 --a------ C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-04-03 18:12] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-04-21 21:01] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48] "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32] "mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2005-03-15 09:58] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 18:37] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 18:47] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46] "AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 17:44] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 18:07] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-07-12 22:28] "IridiumTimeWizard"="D:\My Documents\rupa\tp\iridium.exe" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56] "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 22:49] "FreeCall"="C:\program files\freecall.com\freecall\freecall.exe" [] "12Voip"="C:\Program Files\12Voip.com\12Voip\12Voip.exe" [] "E6TaskPanel"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" [2003-12-08 15:51] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 10:13] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3b67d10-7fba-11db-bbbd-00c0a8895ef3}] AutoRun\command- wd_windows_tools\setup.exe Contents of the 'Scheduled Tasks' folder 2007-06-24 20:38:56 C:\WINDOWS\tasks\AppleSoftwareUpdate.job 2007-06-04 06:16:01 C:\WINDOWS\tasks\MP Scheduled Scan.job 2007-07-11 00:27:14 C:\WINDOWS\tasks\Symantec NetDetect.job ************************************************************************ catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-10 21:48:11 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ Completion time: 2007-07-10 21:49:16 C:\ComboFix-quarantined-files.txt ... 2007-07-10 21:48 --- E O F ---