Tech Support Forum > Security Center > HijackThis Log Help > Resolved HJT Threads
Old 12-21-2007, 09:47 PM   #1 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 50
OS: XP pro 2002 service pack 2


hijack log check please

Hi, I've been inundated with the trojan Virtumonde. I think I got rid of it by using Spybot S&D and a program called NoAdware, but I would like to get you guys to have a look at my HijackThis log please and let me know what I might have to delete there. I also ran a full system scan with the Norton Symantec corporate version.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:54 PM, on 22/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\WINDOWS\system32\igfxtray .exe
C:\WINDOWS\system32\hkcmd .exe
C:\PROGRA~1\SYMANT~1\VPTray .exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
C:\Program Files\Windows Defender\MSASCui .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\WINDOWS\system32\ctfmon.exe
D:\INTERN~1\mum.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SecCenter\scprot4.exe
C:\WINDOWS\explorer.exe
C:\Program Files\hijack this\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

F3 - REG:win.ini: load=C:\WINDOWS\system32\mljjh.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - C:\Program Files\Fsotegei\iyeqixjp.dll
O2 - BHO: (no name) - {B0DD96C0-CFF0-40C7-AA27-BE1AE6B57E23} - (no file)
O2 - BHO: (no name) - {BB39A1FB-F438-4B0D-9E6E-4FAE98E44488} - C:\WINDOWS\system32\qommnlk.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [bupevypq] rundll32.exe "C:\Program Files\rktmxkre\ryhmvozm.dll",Init
O4 - HKLM\..\Run: [azwxstwh] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\azwxstwh.dll"
O4 - HKLM\..\Run: [pwxilmfq] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pwxilmfq.dll"
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [InternodeUsage] D:\INTERN~1\mum.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://portal
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1192096468609
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: qommnlk - C:\WINDOWS\SYSTEM32\qommnlk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7439 bytes
Thank you, lyric39

Last edited by lyric39 : 12-21-2007 at 09:50 PM. Reason: extra info
Old 12-23-2007, 10:46 AM   #2 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,354
OS: XP


Re: hijack log check please

www.bleepingcomputer.com
www.forospyware.com
www.geekstogo.com

1. Please choose from any of the above links. Download the file & Save it to Desktop.

2. Double click on ComboFix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that & a fresh HijackThis log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Old 12-24-2007, 01:11 PM   #3 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 50
OS: XP pro 2002 service pack 2


Re: hijack log check please

Have run ComboFix; results below. Thank you for responding so quickly... Also, on start-up I am getting many DLL errors. I'll post the ComboFix log and then let you know what happens on the next reboot.

ComboFix 07-12-25.2 - lynda 2007-12-25 6:53:02.1 - NTFSx86
Running from: C:\Documents and Settings\lynda\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Fsotegei
C:\Program Files\Fsotegei\iyeqixjp.dll
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Mcqkygov
C:\Program Files\Mcqkygov\wzlepndl.dll
C:\Program Files\SecCenter
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Yjztzwso
C:\Program Files\Yjztzwso\apersewc.dll
C:\WINDOWS\system32\hjjlm.ini
C:\WINDOWS\system32\hjjlm.ini2
C:\WINDOWS\system32\njprckha
C:\WINDOWS\system32\njprckha\bg1.gif
C:\WINDOWS\system32\njprckha\bgtop.gif
C:\WINDOWS\system32\njprckha\bottom1.gif
C:\WINDOWS\system32\njprckha\essentials.gif
C:\WINDOWS\system32\njprckha\icon1.ico
C:\WINDOWS\system32\njprckha\install1.gif
C:\WINDOWS\system32\njprckha\left1.gif
C:\WINDOWS\system32\njprckha\li.gif
C:\WINDOWS\system32\njprckha\logo.gif
C:\WINDOWS\system32\njprckha\main.htm
C:\WINDOWS\system32\njprckha\mainframe.htm
C:\WINDOWS\system32\njprckha\reinstall1.gif
C:\WINDOWS\system32\njprckha\right1.gif
C:\WINDOWS\system32\njprckha\s1.htm
C:\WINDOWS\system32\njprckha\s2.htm
C:\WINDOWS\system32\njprckha\s3.htm
C:\WINDOWS\system32\njprckha\SMTop1.gif
C:\WINDOWS\system32\njprckha\SMTop2.gif
C:\WINDOWS\system32\njprckha\SMTop3.gif
C:\WINDOWS\system32\njprckha\SMTop4.gif
C:\WINDOWS\system32\njprckha\soft1_off.gif
C:\WINDOWS\system32\njprckha\soft1_off_ext.gif
C:\WINDOWS\system32\njprckha\soft1_on.gif
C:\WINDOWS\system32\njprckha\soft1_on_ext.gif
C:\WINDOWS\system32\njprckha\soft2_off.gif
C:\WINDOWS\system32\njprckha\soft2_off_ext.gif
C:\WINDOWS\system32\njprckha\soft2_on.gif
C:\WINDOWS\system32\njprckha\soft2_on_ext.gif
C:\WINDOWS\system32\njprckha\soft3_off.gif
C:\WINDOWS\system32\njprckha\soft3_off_ext.gif
C:\WINDOWS\system32\njprckha\soft3_on.gif
C:\WINDOWS\system32\njprckha\soft3_on_ext.gif
C:\WINDOWS\system32\njprckha\softbottom_off.gif
C:\WINDOWS\system32\njprckha\softbottom_on.gif
C:\WINDOWS\system32\njprckha\softleft_off.gif
C:\WINDOWS\system32\njprckha\softleft_on.gif
C:\WINDOWS\system32\njprckha\top1.gif
C:\WINDOWS\system32\njprckha\top2.gif
C:\WINDOWS\system32\njprckha\turnoff1.gif
C:\WINDOWS\system32\njprckha\turnon1.gif

.
((((((((((((((((((((((((( Files Created from 2007-11-24 to 2007-12-24 )))))))))))))))))))))))))))))))
.

2007-12-24 09:44 . 2007-12-24 13:31 <DIR> d-------- C:\Program Files\PrevxCSI
2007-12-24 09:35 . 2007-12-24 09:36 <DIR> d-------- C:\Documents and Settings\lynda\Application Data\PrevxCSI
2007-12-24 09:35 . 2007-12-24 09:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-12-24 09:22 . 2007-12-25 07:00 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-23 22:51 . 2007-12-23 22:51 <DIR> d-------- C:\Documents and Settings\lynda\Application Data\Uniblue
2007-12-23 20:05 . 2007-12-24 15:06 <DIR> d-------- C:\VundoFix Backups
2007-12-23 09:35 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-23 09:35 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-23 09:35 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-23 09:35 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-23 09:34 . 2007-12-23 09:34 <DIR> d-------- C:\Documents and Settings\lynda\Application Data\PC Tools
2007-12-22 15:01 . 2007-12-23 20:41 <DIR> d-------- C:\Program Files\hijack this
2007-12-22 09:59 . 2007-12-22 10:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-21 18:50 . 2007-12-21 18:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-21 18:49 . 2007-12-21 18:49 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-21 18:41 . 2007-12-21 18:42 <DIR> d-------- C:\Documents and Settings\lynda\Application Data\AdwareAlert
2007-12-21 17:31 . 2007-12-21 19:03 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-12-21 08:20 . 2007-12-25 07:00 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-21 07:45 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-20 17:59 . 2007-12-23 19:52 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2007-12-20 17:59 . 2007-12-23 19:51 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe
2007-12-20 17:59 . 2007-12-23 19:51 106,496 --a------ C:\WINDOWS\system32\hkcmd .exe
2007-12-20 17:48 . 2007-12-24 10:00 <DIR> d-------- C:\Program Files\rktmxkre
2007-12-20 17:48 . 2007-12-20 17:48 39,936 --a------ C:\WINDOWS\system32\gebbbya.dll
2007-12-13 22:29 . 2007-12-13 22:29 <DIR> d-------- C:\WINDOWS\usb-audio.deTascam
2007-12-13 22:29 . 2006-10-23 07:24 106,496 --a------ C:\WINDOWS\system32\US-122L_US-144.CPL
2007-12-13 22:26 . 2006-10-23 07:24 396,192 -ra------ C:\WINDOWS\system32\drivers\tascusb2.sys
2007-12-13 22:26 . 2006-10-23 07:24 19,904 -ra------ C:\WINDOWS\system32\drivers\tscusb2a.sys
2007-12-13 22:26 . 2006-10-23 07:24 10,752 -ra------ C:\WINDOWS\system32\drivers\tscusb2m.sys
2007-11-29 17:04 . 2007-11-29 17:04 253,952 --------- C:\WINDOWS\Setup1.exe
2007-11-29 17:04 . 2007-11-29 17:04 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
2007-11-29 16:35 . 2007-12-22 11:31 215 --a------ C:\WINDOWS\wininit.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-24 19:57 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-12-24 19:56 --------- d-----w C:\Program Files\Windows Defender
2007-12-24 19:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-24 10:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-24 10:12 --------- d-----w C:\Documents and Settings\lynda\Application Data\uTorrent
2007-12-22 04:00 413 ----a-w C:\Program Files\Shortcut to HijackThis.lnk
2007-12-13 17:03 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-13 12:48 --------- d-----w C:\Program Files\NCH Swift Sound
2007-11-23 09:27 --------- d-----w C:\Program Files\uTorrent
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 20:33 --------- d-----w C:\Documents and Settings\lynda\Application Data\NCH Swift Sound
2007-11-07 20:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-10-28 08:23 28,672 ----a-w C:\Program Files\wmdmhelper.dll
2007-10-28 08:23 --------- d-----w C:\Program Files\templates
2007-10-28 08:23 --------- d-----w C:\Program Files\rpplugins
2007-10-28 08:23 --------- d-----w C:\Program Files\plugins
2007-10-28 08:23 --------- d-----w C:\Program Files\Devices
2007-10-28 08:22 86,016 ----a-w C:\Program Files\rpplugprot.dll
2007-10-28 08:22 719,360 ----a-w C:\Program Files\dbghelp.dll
2007-10-28 08:22 682 ----a-w C:\Program Files\realplay.exe.manifest
2007-10-28 08:22 667,648 ----a-w C:\Program Files\rjbres.dll
2007-10-28 08:22 61,495 ----a-w C:\Program Files\ssimages.vs
2007-10-28 08:22 61,440 ----a-w C:\Program Files\rjwmapln.dll
2007-10-28 08:22 57,762 ----a-w C:\Program Files\howto.chm
2007-10-28 08:22 57,344 ----a-w C:\Program Files\tpasdk.dll
2007-10-28 08:22 57,344 ----a-w C:\Program Files\rdsf3260.dll
2007-10-28 08:22 568 ----a-w C:\Program Files\fpsectbl
2007-10-28 08:22 54,600 ----a-w C:\Program Files\rpshellsearch.dll
2007-10-28 08:22 54,584 ----a-w C:\Program Files\rpshell.dll
2007-10-28 08:22 53,098 ----a-w C:\Program Files\presets.rnx
2007-10-28 08:22 522,924 ----a-w C:\Program Files\normal.vs
2007-10-28 08:22 52,609 ----a-w C:\Program Files\RealNetworks License.html
2007-10-28 08:22 52,609 ----a-w C:\Program Files\playrlic.html
2007-10-28 08:22 50,548 ----a-w C:\Program Files\RealNetworks License.txt
2007-10-28 08:22 50,548 ----a-w C:\Program Files\playrlic.txt
2007-10-28 08:22 50 ----a-w C:\Program Files\strs23.dat
2007-10-28 08:22 49,152 ----a-w C:\Program Files\mmcdda32.dll
2007-10-28 08:22 49,152 ----a-w C:\Program Files\ierjplug.dll
2007-10-28 08:22 480 ----a-w C:\Program Files\keys.dat
2007-10-28 08:22 45,056 ----a-w C:\Program Files\rpau3260.dll
2007-10-28 08:22 339,968 ----a-w C:\Program Files\dtdr3260.dll
2007-10-28 08:22 335,872 ----a-w C:\Program Files\rjdlg.dll
2007-10-28 08:22 32,768 ----a-w C:\Program Files\tnetdtct.dll
2007-10-28 08:22 32,768 ----a-w C:\Program Files\rpwa3260.dll
2007-10-28 08:22 32,768 ----a-w C:\Program Files\rjprog.dll
2007-10-28 08:22 27,024 ----a-w C:\Program Files\Readme.html
2007-10-28 08:22 214,296 ----a-w C:\Program Files\realplay.exe
2007-10-28 08:22 207 ----a-w C:\Program Files\subscription.rnx
2007-10-28 08:22 201,949 ----a-w C:\Program Files\realplay.chm
2007-10-28 08:22 20,480 ----a-w C:\Program Files\rphelperapp.exe
2007-10-28 08:22 20,480 ----a-w C:\Program Files\fixrjb.exe
2007-10-28 08:22 2,851 ----a-w C:\Program Files\cdroms.cfg
2007-10-28 08:22 17,846 ----a-w C:\Program Files\videotest.rm
2007-10-28 08:22 16,296 ----a-w C:\Program Files\realtfon.fon
2007-10-28 08:22 139,264 ----a-w C:\Program Files\DUNZIP32.dll
2007-10-28 08:22 13 ----a-w C:\Program Files\strs26.dat
2007-10-28 08:22 119,808 ----a-w C:\Program Files\waiting.avi
2007-10-28 08:22 11,444 ----a-w C:\Program Files\frw.bmp
2007-10-28 08:22 102,400 ----a-w C:\Program Files\tsasdk.dll
2007-10-28 08:22 1,030 ----a-w C:\Program Files\autoplaylist.dat
2007-10-28 08:22 --------- d-----w C:\Program Files\Setup
2007-10-28 08:22 --------- d-----w C:\Program Files\producer
2007-10-28 08:22 --------- d-----w C:\Program Files\Netscape6
2007-10-28 08:22 --------- d-----w C:\Program Files\library
2007-10-28 08:22 --------- d-----w C:\Program Files\Firstrun
2007-10-28 08:22 --------- d-----w C:\Program Files\DataCache
2007-10-28 08:22 --------- d-----w C:\Program Files\Common Files\xing shared
2007-10-28 08:22 --------- d-----w C:\Program Files\Common Files\Real
2007-10-28 08:22 --------- d-----w C:\Program Files\CDBurning
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-24 09:03]
"InternodeUsage"="D:\INTERN~1\mum.exe" [2007-07-06 00:17]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00]
"C-Media Mixer"="Mixer.exe" [2002-10-15 19:00 C:\WINDOWS\mixer.exe]
"SDTray"="D:\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-12-24 09:03]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 12:17]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 20:42:22]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

S3 CheckFSD;Antiy Labs FSD Service;D:\atool\CheckFSD.sys [2007-12-12 16:27]
S3 CheckSSDT;Antiy Labs SSDT Service;D:\atool\SSDT.sys [2007-12-12 16:27]
S3 HookMsg;Antiy Labs MsgHook Service;D:\atool\ABaseDrv.sys [2007-12-12 16:27]
S3 Proc;Antiy Labs Process Service;D:\atool\Proc.sys [2007-12-12 16:27]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;C:\WINDOWS\system32\Drivers\tascusb2.sys [2006-10-23 07:24]
S3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;C:\WINDOWS\system32\drivers\tscusb2m.sys [2006-10-23 07:24]
S3 TASCAM_US122L_WDM;TASCAM US-122L WDM;C:\WINDOWS\system32\drivers\tscusb2a.sys [2006-10-23 07:24]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-24 16:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- D:\AdwareAlert\AdwareAlert.ex
- D:\AdwareAlert
"2007-12-24 20:02:21 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-25 07:00:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-25 7:04:16 - machine was rebooted
.
2007-12-24 10:16:07 --- E O F ---
Old 12-24-2007, 01:22 PM   #4 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,354
OS: XP


Re: hijack log check please

Please do this ...> explorer.exe restarting constantly
Old 12-24-2007, 01:33 PM   #5 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 50
OS: XP pro 2002 service pack 2


Re: hijack log check please

Hi again. ComboFix seems to have knocked Norton Corporate out. No DLL problems now. Here is the log you asked for from check.bat:

----a-w 39,792 2007-12-24 10:23:45 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 185,632 2007-12-24 10:23:57 C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w 67,184 2007-12-24 10:23:31 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 132,496 2007-12-24 10:23:53 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 31,016 2007-12-24 02:32:54 C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
----a-w 120,640 2007-12-24 10:23:39 C:\Program Files\Symantec AntiVirus\VPTray .exe
----a-w 866,584 2007-12-24 10:23:50 C:\Program Files\Windows Defender\MSASCui .exe
----a-w 15,360 2007-12-24 20:20:25 C:\WINDOWS\system32\ctfmon .exe
----a-w 106,496 2007-12-23 08:51:39 C:\WINDOWS\system32\hkcmd .exe
----a-w 155,648 2007-12-23 08:51:39 C:\WINDOWS\system32\igfxtray .exe
----a-w 155,648 2007-12-23 08:52:01 C:\WINDOWS\system32\NeroCheck .exe

Entries: 11 (11)
Directories: 0 Files: 11
Bytes: 1,876,496 Blocks: 3,668
Old 12-24-2007, 01:44 PM   #6 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,354
OS: XP


Re: hijack log check please

Quote:
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
These were removed by ComboFix. They used to be files from legitimate programs. Unfortunately, they got infected. So each time Windows reboots, these files would reload the infection. That's why they need to be removed. This stops the bleeding.


----------


Quote:
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
C:\Program Files\Symantec AntiVirus\VPTray .exe
C:\Program Files\Windows Defender\MSASCui .exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\system32\igfxtray .exe
C:\WINDOWS\system32\NeroCheck<space>.exe
The infection tried but failed to infect the above files. Instead, the files got renamed with an added <space>.

Example:-
C:\WINDOWS\system32\NeroCheck<space>.exe used to be named C:\WINDOWS\system32\NeroCheck.exe

You need to rename each of these files back to their original names, removing the added <space> from the end of the filename. When you have done so, double click on each file to make sure the program runs okay.

Let me know how that went.
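The space-before-extension renaming sUBs describes can be checked mechanically rather than by eye. The following is an added example, not code from the thread or from any of the tools used in it: it parses check.bat and ComboFix file lines, flags names with whitespace just before the extension, derives the original name, and cross-references the HijackThis O4 autostart entries that still point at that original name (the slot the infected copy occupied). The sample lines are copied from the logs in this thread, plus one clean ctfmon.exe line constructed as a non-match.

```python
"""Build the rename-back plan for executables that a Vundo/Virtumonde-style
infection renamed by inserting a space before the extension (NeroCheck .exe).
Added example for this thread; not part of HijackThis, ComboFix or check.bat."""
import ntpath
import re

# check.bat style: attrs  size  date time  path
CHECK_LINE = re.compile(
    r"^(?P<attrs>[-a-z]+)\s+(?P<size>[\d,]+)\s+"
    r"(?P<stamp>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?P<path>.+?)\s*$"
)
# ComboFix "Files Created" style: created . modified  size|<DIR>  attrs  path
COMBOFIX_LINE = re.compile(
    r"^(?P<stamp>\d{4}-\d\d-\d\d \d\d:\d\d) \. \d{4}-\d\d-\d\d \d\d:\d\d "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>\S+) (?P<path>.+?)\s*$"
)
# HijackThis autostart line: O4 - HKLM\..\Run: [Name] command
HJT_O4 = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)


def parse_file_line(line):
    """Return (size_bytes, timestamp, path) for a check.bat or ComboFix
    file line, or None for anything else."""
    text = line.replace("<space>", " ")  # sUBs' notation for a literal space
    for pattern in (CHECK_LINE, COMBOFIX_LINE):
        m = pattern.match(text)
        if m:
            size = 0 if m.group("size") == "<DIR>" else int(m.group("size").replace(",", ""))
            return size, m.group("stamp"), m.group("path")
    return None


def space_renamed_original(path):
    """If the file name carries whitespace right before its extension, return
    the path with that whitespace removed (the original name), else None."""
    directory, name = ntpath.split(path)
    stem, ext = ntpath.splitext(name)
    if not stem.strip() or stem == stem.rstrip():
        return None
    return ntpath.join(directory, stem.rstrip() + ext)


def parse_hjt_o4(lines):
    """Collect (hive, value name, command) from HijackThis O4 entries."""
    entries = []
    for line in lines:
        m = HJT_O4.match(line.strip())
        if m:
            entries.append((m.group("hive"), m.group("name"), m.group("cmd")))
    return entries


def rename_plan(file_lines, hjt_lines):
    """For every space-renamed file, give the path to restore it to and the
    autostart entries that reference the original name.  A short (8.3) path in
    the Run key, e.g. C:\\PROGRA~1\\SYMANT~1\\VPTray.exe, is matched on the
    file name alone, since it cannot be expanded without the live file system."""
    autostarts = parse_hjt_o4(hjt_lines)
    plan = []
    for line in file_lines:
        parsed = parse_file_line(line)
        if parsed is None:
            continue
        size, stamp, observed = parsed
        original = space_renamed_original(observed)
        if original is None:
            continue
        base = ntpath.basename(original).lower()
        hits = [(hive, name) for hive, name, cmd in autostarts
                if original.lower() in cmd.lower() or base in cmd.lower()]
        plan.append({"observed": observed, "restore_to": original,
                     "size": size, "modified": stamp, "autostart": hits})
    return plan


# Sample lines from this thread's check.bat and ComboFix logs; the clean
# ctfmon.exe line is constructed to show a non-match.
FILE_LOG = r"""
----a-w 39,792 2007-12-24 10:23:45 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 120,640 2007-12-24 10:23:39 C:\Program Files\Symantec AntiVirus\VPTray .exe
----a-w 155,648 2007-12-23 08:52:01 C:\WINDOWS\system32\NeroCheck<space>.exe
----a-w 352,256 2007-12-23 22:03:00 C:\WINDOWS\system32\ctfmon.exe
2007-12-20 17:59 . 2007-12-23 19:51 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe
""".strip().splitlines()

HJT_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
""".strip().splitlines()

if __name__ == "__main__":
    for item in rename_plan(FILE_LOG, HJT_LOG):
        print(f'{item["observed"]}\n  -> restore to {item["restore_to"]}'
              f'  (autostart: {item["autostart"] or "none"})')
```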
Old 12-24-2007, 01:44 PM   #7 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 50
OS: XP pro 2002 service pack 2


Re: hijack log check please

Thanks so much. Other than Symantec not being able to install, the PC is running great again.
I will recommend you to everyone I know. Merry Christmas!
lyric39
Old 12-24-2007, 01:47 PM   #8 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,354
OS: XP


Re: hijack log check please

LOL ...we're not done cleaning the machine yet.
Old 12-24-2007, 01:47 PM   #9 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 50
OS: XP pro 2002 service pack 2


Re: hijack log check please

I will do what you have suggested; I probably won't get back to you till tomorrow, being Christmas Day... Thanks for all your help.
lyric39
Old 12-24-2007, 07:36 PM   #10 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 50
OS: XP pro 2002 service pack 2


Re: hijack log check please

Hi again. I have reinstalled Symantec AntiVirus Corporate and Windows Defender, and Nero 6 seems to be working OK. After running Norton again it found Trojan.Adclicker and deleted it. I also found that it had numerous versions of that trojan in quarantine, which I expected, as that would come up heaps before you helped me. I'll check in later to see what the next thing is that you recommend. Thank you again.
lyric39
Old 12-24-2007, 07:42 PM   #11 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 50
OS: XP pro 2002 service pack 2


Re: hijack log check please

Whoops, just rebooted and it's still there. Norton notification below:

Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Trojan.Adclicker
File: C:\WINDOWS\system32\mljjh.dll
Location: C:\WINDOWS\system32
Computer: HOME
User: HOME\lynda
Action taken: Clean failed : Quarantine failed : Delete succeeded : Access denied
Date found: Tuesday, 25 December 2007 1:39:46 PM
Old 12-25-2007, 12:30 AM   #12 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,354
OS: XP


Re: hijack log check please

Please run ComboFix now. Then show me the log that's produced.
Old 12-25-2007, 01:54 PM   #13 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 50
OS: XP pro 2002 service pack 2


Re: hijack log check please

Here's my latest ComboFix log:


ComboFix 07-12-25.2 - lynda 2007-12-26 7:47:33.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.175 [GMT 11:00]
Running from: C:\Documents and Settings\lynda\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-25 to 2007-12-25 )))))))))))))))))))))))))))))))
.

2007-12-25 11:14 . 2005-05-13 19:50 123,488 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-25 11:14 . 2005-05-13 19:50 91,856 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-24 09:44 . 2007-12-24 13:31 <DIR> d-------- C:\Program Files\PrevxCSI
2007-12-24 09:35 . 2007-12-24 09:36 <DIR> d-------- C:\Documents and Settings\lynda\Application Data\PrevxCSI
2007-12-24 09:35 . 2007-12-24 09:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-12-24 09:22 . 2007-12-26 07:42 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-23 22:51 . 2007-12-23 22:51 <DIR> d-------- C:\Documents and Settings\lynda\Application Data\Uniblue
2007-12-23 20:05 . 2007-12-24 15:06 <DIR> d-------- C:\VundoFix Backups
2007-12-22 15:01 . 2007-12-25 11:54 <DIR> d-------- C:\Program Files\hijack this
2007-12-22 09:59 . 2007-12-25 11:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-21 18:50 . 2007-12-21 18:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-21 18:49 . 2007-12-21 18:49 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-21 18:41 . 2007-12-21 18:42 <DIR> d-------- C:\Documents and Settings\lynda\Application Data\AdwareAlert
2007-12-21 17:31 . 2007-12-21 19:03 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-12-21 08:20 . 2007-12-25 11:24 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-21 07:45 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-20 17:59 . 2007-12-23 19:52 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2007-12-20 17:59 . 2007-12-23 19:51 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe
2007-12-20 17:59 . 2007-12-23 19:51 106,496 --a------ C:\WINDOWS\system32\hkcmd .exe
2007-12-20 17:48 . 2007-12-24 10:00 <DIR> d-------- C:\Program Files\rktmxkre
2007-12-20 17:48 . 2007-12-20 17:48 39,936 --a------ C:\WINDOWS\system32\gebbbya.dll
2007-12-13 22:29 . 2007-12-13 22:29 <DIR> d-------- C:\WINDOWS\usb-audio.deTascam
2007-12-13 22:29 . 2006-10-23 07:24 106,496 --a------ C:\WINDOWS\system32\US-122L_US-144.CPL
2007-12-13 22:26 . 2006-10-23 07:24 396,192 -ra------ C:\WINDOWS\system32\drivers\tascusb2.sys
2007-12-13 22:26 . 2006-10-23 07:24 19,904 -ra------ C:\WINDOWS\system32\drivers\tscusb2a.sys
2007-12-13 22:26 . 2006-10-23 07:24 10,752 -ra------ C:\WINDOWS\system32\drivers\tscusb2m.sys
2007-11-29 17:04 . 2007-11-29 17:04 253,952 --------- C:\WINDOWS\Setup1.exe
2007-11-29 17:04 . 2007-11-29 17:04 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
2007-11-29 16:35 . 2007-12-22 11:31 215 --a------ C:\WINDOWS\wininit.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-25 20:42 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-12-25 10:17 --------- d-----w C:\Documents and Settings\lynda\Application Data\uTorrent
2007-12-25 00:25 --------- d-----w C:\Program Files\Windows Defender
2007-12-25 00:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-25 00:14 --------- d-----w C:\Program Files\Symantec
2007-12-24 10:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-23 22:03 352,256 ----a-w C:\WINDOWS\system32\ctfmon.exe
2007-12-22 04:00 413 ----a-w C:\Program Files\Shortcut to HijackThis.lnk
2007-12-13 17:03 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-13 12:48 --------- d-----w C:\Program Files\NCH Swift Sound
2007-11-23 09:27 --------- d-----w C:\Program Files\uTorrent
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 20:33 --------- d-----w C:\Documents and Settings\lynda\Application Data\NCH Swift Sound
2007-11-07 20:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 08:23 28,672 ----a-w C:\Program Files\wmdmhelper.dll
2007-10-28 08:23 --------- d-----w C:\Program Files\templates
2007-10-28 08:23 --------- d-----w C:\Program Files\rpplugins
2007-10-28 08:23 --------- d-----w C:\Program Files\plugins
2007-10-28 08:23 --------- d-----w C:\Program Files\Devices
2007-10-28 08:22 86,016 ----a-w C:\Program Files\rpplugprot.dll
2007-10-28 08:22 719,360 ----a-w C:\Program Files\dbghelp.dll
2007-10-28 08:22 682 ----a-w C:\Program Files\realplay.exe.manifest
2007-10-28 08:22 667,648 ----a-w C:\Program Files\rjbres.dll
2007-10-28 08:22 61,495 ----a-w C:\Program Files\ssimages.vs
2007-10-28 08:22 61,440 ----a-w C:\Program Files\rjwmapln.dll
2007-10-28 08:22 57,762 ----a-w C:\Program Files\howto.chm
2007-10-28 08:22 57,344 ----a-w C:\Program Files\tpasdk.dll
2007-10-28 08:22 57,344 ----a-w C:\Program Files\rdsf3260.dll
2007-10-28 08:22 568 ----a-w C:\Program Files\fpsectbl
2007-10-28 08:22 54,600 ----a-w C:\Program Files\rpshellsearch.dll
2007-10-28 08:22 54,584 ----a-w C:\Program Files\rpshell.dll
2007-10-28 08:22 53,098 ----a-w C:\Program Files\presets.rnx
2007-10-28 08:22 522,924 ----a-w C:\Program Files\normal.vs
2007-10-28 08:22 52,609 ----a-w C:\Program Files\RealNetworks License.html
2007-10-28 08:22 52,609 ----a-w C:\Program Files\playrlic.html
2007-10-28 08:22 50,548 ----a-w C:\Program Files\RealNetworks License.txt
2007-10-28 08:22 50,548 ----a-w C:\Program Files\playrlic.txt
2007-10-28 08:22 50 ----a-w C:\Program Files\strs23.dat
2007-10-28 08:22 49,152 ----a-w C:\Program Files\mmcdda32.dll
2007-10-28 08:22 49,152 ----a-w C:\Program Files\ierjplug.dll
2007-10-28 08:22 480 ----a-w C:\Program Files\keys.dat
2007-10-28 08:22 45,056 ----a-w C:\Program Files\rpau3260.dll
2007-10-28 08:22 339,968 ----a-w C:\Program Files\dtdr3260.dll
2007-10-28 08:22 335,872 ----a-w C:\Program Files\rjdlg.dll
2007-10-28 08:22 32,768 ----a-w C:\Program Files\tnetdtct.dll
2007-10-28 08:22 32,768 ----a-w C:\Program Files\rpwa3260.dll
2007-10-28 08:22 32,768 ----a-w C:\Program Files\rjprog.dll
2007-10-28 08:22 27,024 ----a-w C:\Program Files\Readme.html
2007-10-28 08:22 214,296 ----a-w C:\Program Files\realplay.exe
2007-10-28 08:22 207 ----a-w C:\Program Files\subscription.rnx
2007-10-28 08:22 201,949 ----a-w C:\Program Files\realplay.chm
2007-10-28 08:22 20,480 ----a-w C:\Program Files\rphelperapp.exe
2007-10-28 08:22 20,480 ----a-w C:\Program Files\fixrjb.exe
2007-10-28 08:22 2,851 ----a-w C:\Program Files\cdroms.cfg
2007-10-28 08:22 17,846 ----a-w C:\Program Files\videotest.rm
2007-10-28 08:22 16,296 ----a-w C:\Program Files\realtfon.fon
2007-10-28 08:22 139,264 ----a-w C:\Program Files\DUNZIP32.dll
2007-10-28 08:22 13 ----a-w C:\Program Files\strs26.dat
2007-10-28 08:22 119,808 ----a-w C:\Program Files\waiting.avi
2007-10-28 08:22 11,444 ----a-w C:\Program Files\frw.bmp
2007-10-28 08:22 102,400 ----a-w C:\Program Files\tsasdk.dll
2007-10-28 08:22 1,030 ----a-w C:\Program Files\autoplaylist.dat
2007-10-28 08:22 --------- d-----w C:\Program Files\Setup
2007-10-28 08:22 --------- d-----w C:\Program Files\producer
2007-10-28 08:22 --------- d-----w C:\Program Files\Netscape6
2007-10-28 08:22 --------- d-----w C:\Program Files\library
2007-10-28 08:22 --------- d-----w C:\Program Files\Firstrun
2007-10-28 08:22 --------- d-----w C:\Program Files\DataCache
2007-10-28 08:22 --------- d-----w C:\Program Files\Common Files\xing shared
2007-10-28 08:22 --------- d-----w C:\Program Files\Common Files\Real
2007-10-28 08:22 --------- d-----w C:\Program Files\CDBurning
2007-10-27 06:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-18 04:38 155,995 ----a-w C:\WINDOWS\java\Packages\OFLN5RV1.ZIP
.

((((((((((((((((((((((((((((( snapshot@2007-12-25_ 7.01.50.96 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-25 00:15:36 25,214 ----a-r C:\WINDOWS\Installer\{3248E093-5288-4CA9-B3AB-11A675FEA1F9}\ARPPRODUCTICON.exe
+ 2007-12-25 00:15:36 40,960 ----a-r C:\WINDOWS\Installer\{3248E093-5288-4CA9-B3AB-11A675FEA1F9}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2003-03-18 09:05:50 89,088 ----a-w C:\WINDOWS\system32\atl71.dll
- 2004-01-02 04:20:24 466,944 ----a-w C:\WINDOWS\system32\capicom.dll
+ 2005-03-31 06:32:23 466,944 ----a-w C:\WINDOWS\system32\capicom.dll
- 2004-08-13 01:35:04 28,723 ----a-r C:\WINDOWS\system32\cba.dll
+ 2005-06-23 08:28:58 34,552 ----a-w C:\WINDOWS\system32\cba.dll
- 2004-12-23 09:19:08 11,504 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
+ 2005-04-22 01:02:52 11,512 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
- 2004-12-23 09:19:10 166,640 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
+ 2005-04-22 01:02:54 173,208 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
- 2004-12-23 09:19:14 47,024 ----a-w C:\WINDOWS\system32\drivers\symids.sys
+ 2005-04-22 01:02:58 36,984 ----a-w C:\WINDOWS\system32\drivers\symids.sys
- 2004-12-23 09:19:12 52,048 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
+ 2005-04-22 01:02:56 47,192 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
- 2004-12-23 09:19:16 16,784 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
+ 2005-04-22 01:03:00 17,976 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
- 2004-12-23 09:19:18 264,240 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
+ 2005-04-22 01:03:02 267,192 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
- 1998-03-04 02:47:18 77,824 ----a-r C:\WINDOWS\system32\loc32vc0.dll
+ 2005-06-23 08:29:00 83,648 ----a-w C:\WINDOWS\system32\loc32vc0.dll
+ 2003-03-18 11:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll
- 2004-08-13 01:35:04 41,017 ----a-r C:\WINDOWS\system32\msgsys.dll
+ 2005-06-23 08:29:00 46,848 ----a-w C:\WINDOWS\system32\msgsys.dll
- 2004-12-30 04:19:46 55,104 ----a-w C:\WINDOWS\system32\NavLogon.dll
+ 2005-06-23 08:27:44 43,712 ----a-w C:\WINDOWS\system32\NavLogon.dll
- 2004-08-13 01:35:04 77,875 ----a-r C:\WINDOWS\system32\nts.dll
+ 2005-06-23 08:29:02 83,704 ----a-w C:\WINDOWS\system32\nts.dll
- 2004-08-13 01:35:04 65,590 ----a-r C:\WINDOWS\system32\pds.dll
+ 2005-06-23 08:29:04 71,416 ----a-w C:\WINDOWS\system32\pds.dll
- 2004-12-23 09:19:22 509,648 ----a-w C:\WINDOWS\system32\SymNeti.dll
+ 2005-04-22 01:03:06 517,848 ----a-w C:\WINDOWS\system32\SymNeti.dll
- 2004-12-23 09:19:20 116,432 ----a-w C:\WINDOWS\system32\SymRedir.dll
+ 2005-04-22 01:03:04 132,824 ----a-w C:\WINDOWS\system32\SymRedir.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-24 09:03]
"InternodeUsage"="D:\INTERN~1\mum.exe" [2007-07-06 00:17]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00]
"C-Media Mixer"="Mixer.exe" [2002-10-15 19:00 C:\WINDOWS\mixer.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 09:21]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 19:27]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2007-12-24 09:03]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 12:17]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-01-25 20:42:22]

S3 CheckFSD;Antiy Labs FSD Service;D:\atool\CheckFSD.sys [2007-12-12 16:27]
S3 CheckSSDT;Antiy Labs SSDT Service;D:\atool\SSDT.sys [2007-12-12 16:27]
S3 HookMsg;Antiy Labs MsgHook Service;D:\atool\ABaseDrv.sys [2007-12-12 16:27]
S3 Proc;Antiy Labs Process Service;D:\atool\Proc.sys [2007-12-12 16:27]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;C:\WINDOWS\system32\Drivers\tascusb2.sys [2006-10-23 07:24]
S3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;C:\WINDOWS\system32\drivers\tscusb2m.sys [2006-10-23 07:24]
S3 TASCAM_US122L_WDM;TASCAM US-122L WDM;C:\WINDOWS\system32\drivers\tscusb2a.sys [2006-10-23 07:24]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-25 16:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- D:\AdwareAlert\AdwareAlert.ex
- D:\AdwareAlert
"2007-12-25 20:44:58 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-26 07:49:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-26 7:50:38
C:\ComboFix2.txt ... 2007-12-25 07:04
.
2007-12-24 10:16:07 --- E O F ---
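The "Files Created" block of the ComboFix log above is where an analyst looks first, and a few things stand out on inspection alone: several system32 executables whose names carry a space before the extension ("ctfmon .exe", "NeroCheck .exe", "igfxtray .exe", "hkcmd .exe"), two of them with the same size and the same creation minute, a DLL and a Program Files directory with random-looking names created in the same minute, and modification timestamps that are not older than the creation timestamps (files copied by an installer normally keep their old build date, as SYMEVENT.SYS does). The script below is an added example, not part of the thread or of ComboFix, that encodes those three triage rules and runs them over lines copied from the log above. The rules are analyst heuristics, not signatures; the format assumption (creation time, a dot, modification time, size or <DIR>, attribute string, path) is taken from the log itself.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Sample input: lines copied from the "Files Created" section of the log above.
SAMPLE_LOG = r"""
2007-12-25 11:14 . 2005-05-13 19:50 123,488 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-24 09:44 . 2007-12-24 13:31 <DIR> d-------- C:\Program Files\PrevxCSI
2007-12-24 09:22 . 2007-12-26 07:42 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-20 17:59 . 2007-12-23 19:52 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2007-12-20 17:59 . 2007-12-23 19:51 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe
2007-12-20 17:59 . 2007-12-23 19:51 106,496 --a------ C:\WINDOWS\system32\hkcmd .exe
2007-12-20 17:48 . 2007-12-24 10:00 <DIR> d-------- C:\Program Files\rktmxkre
2007-12-20 17:48 . 2007-12-20 17:48 39,936 --a------ C:\WINDOWS\system32\gebbbya.dll
"""

# One ComboFix "Files Created" line: created . modified size-or-<DIR> attrs path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S{9}) (?P<path>.+?)\s*$"
)

PE_EXTS = (".exe", ".dll", ".sys", ".cpl", ".scr")


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def is_pe(self) -> bool:
        return self.size is not None and self.name.lower().endswith(PE_EXTS)


def parse_entries(text: str) -> List[Entry]:
    """Parse every line that matches the ComboFix layout; skip the rest."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(
            created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            size=size, attrs=m["attrs"], path=m["path"]))
    return entries


def triage(text: str) -> Dict[str, List[str]]:
    """Return {path: [reasons]} for entries that trip at least one heuristic."""
    entries = parse_entries(text)
    findings: Dict[str, List[str]] = defaultdict(list)

    # Rule A (heuristic): whitespace before the extension, a look-alike of a
    # legitimate name that sorts and displays next to the real file.
    for e in entries:
        if re.search(r"\s\.[A-Za-z0-9]{1,4}$", e.name):
            findings[e.path].append("whitespace before extension")

    # Rule B (heuristic): executables with identical size created in the same
    # minute are usually one payload dropped under several names.
    clusters: Dict[tuple, List[Entry]] = defaultdict(list)
    for e in entries:
        if e.is_pe:
            clusters[(e.created, e.size)].append(e)
    for (_, size), group in clusters.items():
        if len(group) > 1:
            for e in group:
                others = ", ".join(o.name for o in group if o is not e)
                findings[e.path].append(f"same size ({size:,}) and creation minute as {others}")

    # Rule C (heuristic): a binary copied into system32 by an installer keeps
    # its older build date; modified >= created means it was written in place.
    for e in entries:
        if e.is_pe and "system32" in e.path.lower() and e.modified >= e.created:
            findings[e.path].append("modified timestamp not older than creation")

    return dict(findings)


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run as-is it prints the five flagged entries; the SYMEVENT.SYS line (new creation date, 2005 build date) and the PrevxCSI directory are left alone. Feed it a whole ComboFix log and it will ignore the other sections, since only lines in this exact layout match. Rule C on its own is weak (legitimately generated files also trip it), so treat a hit there as a reason to look, not a verdict.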